Test Connectivity to the DNS Security Service

Where Can I Use This?
  • NGFW
What Do I Need?
  • DNS Security License
  • Advanced Threat Prevention or Threat Prevention License
Verify your firewall connectivity to the DNS Security service. If you cannot reach the service, verify that the following domain is not being blocked: dns.service.paloaltonetworks.com.
  1. Access the firewall CLI.
  2. Use the following CLI command to verify your firewall’s connection availability to the DNS Security service.
    show dns-proxy dns-signature info
    For example:
    show dns-proxy dns-signature info
    Cloud URL: dns.service.paloaltonetworks.com:443
    Telemetry URL: io.dns.service.paloaltonetworks.com:443
    Last Result: None
    Last Server Address:
    Parameter Exchange: Interval 300 sec
    Allow List Refresh: Interval 43200 sec
    Request Waiting Transmission: 0
    Request Pending Response: 0
    Cache Size: 0
    If your firewall has an active connection to the DNS Security service, the server details display in the response output.
  3. Retrieve a specified domain’s transaction details, such as latency, TTL, and the signature category.
    Use the following CLI command on the firewall to review the details about a domain:
    test dns-proxy dns-signature fqdn
    For example:
    test dns-proxy dns-signature fqdn www.yahoo.com
    DNS Signature Query [ www.yahoo.com ]
    Completed in 178 ms
    DNS Signature Response
    Entries: 2
    Domain            Category    GTID    TTL
    -----------------------------------------------
    *.yahoo.com       Benign      0       86400
    www.yahoo.com     Benign      0       3600
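The check in step 2 can be scripted against captured output of show dns-proxy dns-signature info. This is an added example, not Palo Alto Networks code: it assumes an empty Last Server Address means no active connection (following the statement in step 2 that server details display when connected), and the "connected" sample is constructed.

```python
import re

# Output copied from the step 2 example on this page (no server details shown).
SAMPLE_NO_CONNECTION = """\
Cloud URL: dns.service.paloaltonetworks.com:443
Telemetry URL: io.dns.service.paloaltonetworks.com:443
Last Result: None
Last Server Address:
Parameter Exchange: Interval 300 sec
Allow List Refresh: Interval 43200 sec
Request Waiting Transmission: 0
Request Pending Response: 0
Cache Size: 0
"""

# Constructed sample: the two "Last ..." values are assumptions
# (192.0.2.10 is a documentation address), not captured firewall output.
SAMPLE_CONNECTED = SAMPLE_NO_CONNECTION.replace(
    "Last Result: None", "Last Result: Good"
).replace("Last Server Address:", "Last Server Address: 192.0.2.10")


def parse_info(text):
    """Turn 'Key: value' lines into a dict; values keep any ':' they contain."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def check_connectivity(text):
    """Return (connected, findings) for one capture of the info command."""
    f = parse_info(text)
    findings = []
    # Assumption: server details are present only when the connection is active.
    connected = bool(f.get("Last Server Address"))
    if not connected:
        findings.append("no server address: check that %s is not blocked"
                        % f.get("Cloud URL", "the cloud URL"))
    if f.get("Last Result", "None") == "None":
        findings.append("Last Result is None")
    # Non-zero counters are reported for the operator to review.
    for key in ("Request Waiting Transmission", "Request Pending Response"):
        if re.fullmatch(r"\d+", f.get(key, "")) and int(f[key]) > 0:
            findings.append("%s = %s" % (key, f[key]))
    return connected, findings
```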
