Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
MENU
Home
DNS Security
DNS Security Administration
Configure DNS Security
DNS Security Test Domains
Document:
DNS Security Administration
DNS Security Test Domains
Last Updated:
Wed Mar 15 01:02:16 UTC 2023
Table of Contents
Filter
About DNS Security
Cloud-Delivered DNS Signatures and Protections
DNS Security Data Collection and Logging
DNS Security Service Domains
Configure DNS Security
Enable DNS Security
Prisma Access
PAN-OS
PAN-OS 11.0 and Later
PAN-OS 10.0
PAN-OS 9.1
Configure DNS-Over-TLS
Prisma Access
PAN-OS
Configure DNS-Over-DoH
Prisma Access
PAN-OS
Create Domain Exceptions and Allow | Block Lists
Create Domain Exceptions and Allow | Block Lists (Prisma Access)
PAN-OS
Create domain signature exceptions and allow lists in PAN-OS 10.0 and later
Create domain signature exceptions in PAN-OS 9.1
DNS Security Test Domains
Test Connectivity to the DNS Security Service
Configure Lookup Timeout
Bypass DNS Security
Prisma Access
PAN-OS
PAN-OS 10.0
PAN-OS 9.1
Monitor DNS Security
View DNS Security Dashboard
DNS Security Dashboard Cards
Prisma Access
AIOps
View DNS Security Logs
Prisma Access
PAN-OS
AIOps
Cortex Data Lake
About DNS Security
Cloud-Delivered DNS Signatures and Protections
DNS Security Data Collection and Logging
DNS Security Service Domains
Configure DNS Security
Enable DNS Security
Configure DNS-Over-TLS
Configure DNS-Over-DoH
Create Domain Exceptions and Allow | Block Lists
DNS Security Test Domains
Test Connectivity to the DNS Security Service
Configure Lookup Timeout
Bypass DNS Security
Monitor DNS Security
View DNS Security Dashboard
DNS Security Dashboard Cards
View DNS Security Logs
Previous
Next
DNS Security Test Domains
Where Can I Use This?
What Do I Need?
Prisma Access
NGFW
DNS Security License
Advanced Threat Prevention or Threat Prevention License
Palo Alto Networks provides the following DNS Security test domains to validate your policy configuration based on the DNS category.
Access the following test domains to verify that the policy action for a given threat type is being enforced:
C2—
test-c2.testpanw.com
DNS Tunneling—
test-dnstun.testpanw.com
DGA—
test-dga.testpanw.com
Dynamic DNS*—
test-ddns.testpanw.com
Malware—
test-malware.testpanw.com
Newly Registered Domains*—
test-nrd.testpanw.com
Phishing*—
test-phishing.testpanw.com
Grayware*—
test-grayware.testpanw.com
Parked*—
test-parked.testpanw.com
Proxy Avoidance and Anonymizers*—
test-proxy.testpanw.com
Fast Flux*—
test-fastflux.testpanw.com
Malicious NRD*—
test-malicious-nrd.testpanw.com
NXNS Attack*—
test-nxns.testpanw.com
Dangling Domains*—
test-dangling-domain.testpanw.com
DNS Rebinding*—
test-dns-rebinding.testpanw.com
DNS Infiltration*—
test-dns-infiltration.testpanw.com
Wildcard Abuse*—
test-wildcard-abuse.testpanw.com
Strategically-Aged Domains*—
test-strategically-aged.testpanw.com
Compromised DNS*—
test-compromised-dns.testpanw.com
Ad Tracking Domains*—
test-adtracking.testpanw.com
CNAME Cloaking*—
test-cname-cloaking.testpanw.com
The test domains marked with an * are not supported in PAN-OS 9.1.
Verify that the DNS query request has been processed by DNS Security by
monitoring the activity
.
Previous
Next
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.