Test Connectivity to the DNS Security Service

Access the firewall CLI.

Use the following CLI command to verify your firewall’s connection availability to the DNS Security service.

show dns-proxy dns-signature info

For example:

show dns-proxy dns-signture info

Cloud URL: dns.service.paloaltonetworks.com:443

Telemetry URL: io.dns.service.paloaltonetworks.com:443

Last Result: None

Last Server Address:

Parameter Exchange: Interval 300 sec

Allow List Refresh: Interval 43200 sec

Request Waiting Transmission: 0

Request Pending Response: 0

Cache Size: 0

If your firewall has an active connection to the DNS Security service, the server details display in the response output.

Retrieve a specified domain’s transaction details, such as latency, TTL, and the signature category.

Use the following CLI command on the firewall to review the details about a domain:

test dns-proxy dns-signature fqdn 

For example:

test dns-proxy dns-signature fqdn www.yahoo.com

DNS Signature Query [ www.yahoo.com ]

Completed in 178 ms

DNS Signature Response

Entries: 2

Domain                             Category        GTID                 TTL
-------------------------------------------------------------------------------------------------
*.yahoo.com                        Benign          0                    86400
  www.yahoo.com                    Benign          0                    3600