Enable DNS Security Log Type
Advanced DNS Security Powered by Precision AI®

DNS Security supports a log type specifically tailored for DNS Security events to provide visibility and reporting for both benign and malicious DNS traffic.
Where Can I Use This?
  • NGFW (Managed by PAN-OS or Panorama)
  • VM-Series
  • CN-Series
What Do I Need?
  • Advanced DNS Security License (for enhanced feature support), DNS Security License, or Advanced DNS Resolver License
  • Advanced Threat Prevention or Threat Prevention License (not required for Advanced DNS Resolver)
For PAN-OS 12.1 and later releases, DNS Security supports a log type dedicated to DNS Security events. It improves visibility and reporting for both benign and malicious DNS traffic and records comprehensive DNS transaction details, including query and response information. You must enable this log type explicitly: previously, logs generated for DNS traffic were classified under a DNS threat category and filed under the Threat log type. With the updated DNS Security log type, you can configure the firewall to generate logs for benign DNS queries. The logs can also be forwarded to external logging systems, including Palo Alto Networks Strata Logging Service, and are accessible through the log viewer and dashboard.
The updated DNS Security logs include essential fields such as session ID, receive time, source and destination information, DNS category, threat name, severity, and action taken. They also include detailed DNS response data: flags, query name, record type, resolved IP addresses, and TTL values. This level of detail enables you to identify compromised endpoints, assess potential risks to other clients, and perform retrospective analysis of DNS activity during security incidents. When the log type is enabled, you can capture logs for all DNS traffic, which allows more accurate analysis, improves your ability to detect, investigate, and respond to DNS-based threats, and strengthens incident response.
  1. Enable the DNS Security log type on the firewall.
    1. Select Device > Management and edit the Logging and Reporting Settings.
    2. Select the Improved DNS Security Logging option and click OK to save your settings.
    3. Commit your changes.
  2. Enable logging for benign DNS queries.
    1. Select Objects > Anti-Spyware and edit your Anti-Spyware profile. If you do not have an existing Anti-Spyware profile for handling DNS queries, refer to Enable DNS Security.
    2. Select the DNS Policies tab and de-select Disable logging for benign DNS Security traffic.
    3. Click OK to save your changes.
    4. Commit your changes.
  3. (Optional) Create or update the log forwarding profile configuration to forward DNS Security logs to an external source.
    • When selecting the Log Type during the configuration of the log forwarding profile entry, select dns-security.
    • Forwarding the DNS Security logs to Strata Cloud Service makes the logs accessible from SLS-connected platforms and enhances monitoring and visibility in the DNS Security dashboard.
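
The retrospective analysis described above, sketched as an added example that is not part of the original documentation: once a domain or IP address is found to be malicious, forwarded DNS Security logs are searched for every client that queried it, including queries that were logged as benign at the time. The records are constructed, and the JSON field names and category/action values are hypothetical stand-ins for the fields listed above, not the PAN-OS log schema.

```python
import json

# Constructed sample records, one JSON object per line. Field names and values
# are hypothetical stand-ins for the fields listed above, not the PAN-OS schema.
SAMPLE_LOGS = """
{"receive_time":"2025-01-10T08:01:12Z","src":"10.0.4.17","category":"benign","action":"allow","query_name":"cdn.example.net","record_type":"A","resolved_ips":["203.0.113.10"],"ttl":300}
{"receive_time":"2025-01-10T08:03:40Z","src":"10.0.4.17","category":"benign","action":"allow","query_name":"update.badcdn.example","record_type":"A","resolved_ips":["198.51.100.23"],"ttl":60}
{"receive_time":"2025-01-10T08:10:02Z","src":"10.0.7.5","category":"benign","action":"allow","query_name":"API.badcdn.example.","record_type":"A","resolved_ips":["198.51.100.23"],"ttl":60}
{"receive_time":"2025-01-10T08:15:55Z","src":"10.0.9.88","category":"benign","action":"allow","query_name":"static.other.example","record_type":"A","resolved_ips":["198.51.100.23"],"ttl":120}
{"receive_time":"2025-01-10T08:20:31Z","src":"10.0.2.2","category":"benign","action":"allow","query_name":"notbadcdn.example","record_type":"A","resolved_ips":["203.0.113.50"],"ttl":300}
{"receive_time":"2025-01-10T09:30:07Z","src":"10.0.4.17","category":"malware","action":"sinkhole","query_name":"update.badcdn.example","record_type":"A","resolved_ips":[],"ttl":0}
"""

def norm(name):
    """Normalize a DNS name: case-insensitive, no trailing root dot."""
    return name.lower().rstrip(".")

def retro_hunt(log_text, bad_domains, bad_ips):
    """Map each client to the queries matching indicators learned after the fact."""
    bad_domains = {norm(d) for d in bad_domains}
    bad_ips = set(bad_ips)
    clients = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        labels = norm(rec["query_name"]).split(".")
        # Label-wise suffix match: the indicator or any subdomain of it,
        # but not a lookalike such as "notbadcdn.example".
        suffixes = {".".join(labels[i:]) for i in range(len(labels))}
        reasons = []
        if suffixes & bad_domains:
            reasons.append("domain")
        if bad_ips & set(rec.get("resolved_ips", [])):
            reasons.append("resolved_ip")
        if not reasons:
            continue
        entry = clients.setdefault(rec["src"], {
            "first_seen": rec["receive_time"], "hits": 0,
            "benign_at_time": 0, "reasons": set()})
        # ISO 8601 UTC timestamps in one format compare correctly as strings.
        entry["first_seen"] = min(entry["first_seen"], rec["receive_time"])
        entry["hits"] += 1
        # Queries seen only because benign logging was enabled.
        entry["benign_at_time"] += rec["category"] == "benign"
        entry["reasons"].update(reasons)
    return clients

if __name__ == "__main__":
    found = retro_hunt(SAMPLE_LOGS, ["badcdn.example"], ["198.51.100.23"])
    for src, info in sorted(found.items()):
        print(src, info)
```

The `benign_at_time` count marks queries that would not have been recorded under Threat-only logging; a client matched only by `resolved_ip` reached the same address through a different name and is a candidate for further review.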