Create a decryption policy rule with an action to decrypt HTTPS traffic on port 853, which includes DNS Security over TLS traffic (refer to the Decryption Best Practices for more information). When DNS Security over TLS traffic is decrypted, the resulting DNS requests in the logs appear as conventional dns-base applications.
(Optional) Search for activity on the firewall for decrypted TLS-encrypted DNS queries that have been processed using DNS Security.
Select and select Threat logs. Use the query builder to filter based on the application using dns-base and port 853 (which is exclusively used for DNS Security over TLS transactions), for example, app = 'dns-base' AND source_port = 853.
Select a log entry to view the details of the detected DNS threat.
The Application should display dns-base in the General pane and the Port in the Source pane of the detailed log view. Other relevant details about the threat are displayed in their corresponding tabs.