The DNS Security service collects server response and request information based on your firewall security policy rules, associated action, and the DNS query details when performing domain lookups. The firewall forwards the DNS data in less than 30 seconds after collection and batching does not impact firewall performance. In cases where the firewall is experiencing a high load, DNS data collection scales down as needed to maintain expected performance levels. Palo Alto Networks uses this data to provide more accurate domain information (such as provider ASN, hosting information, and geolocation identification) to generate improved analytics, DNS detection, and prevention capabilities.

The firewall can submit the following data fields:

Data fields that can be used to potentially identify users (Source IP, Source User, and Source Zone) can be withheld from automatic submission using the following CLI command:

set deviceconfig setting ctd cloud-dns-privacy-mask yes

. You must

commit

the changes for the update to take effect.