The
DNS Security service collects
server response and request information based on your firewall security
policy rules, associated action, and the DNS query details when performing
domain lookups. The firewall forwards the DNS data in less than
30 seconds after collection and batching does not impact firewall
performance. In cases where the firewall is experiencing a high
load, DNS data collection scales down as needed to maintain expected
performance levels. Palo Alto Networks uses this data to provide
more accurate domain information (such as provider ASN, hosting
information, and geolocation identification) to generate improved
analytics, DNS detection, and prevention capabilities.