Before you can enable and configure Advanced DNS Security or DNS Security, you must obtain and install a Threat Prevention (or Advanced Threat Prevention) license as well as an Advanced DNS Security or DNS Security license in addition to any platform licenses from where it is operated. Licenses are activated from the Palo Alto Networks Customer Support Portal and must be active before DNS analysis can take place. Additionally, DNS Security subscription services (similar to other Palo Alto Networks security services) are administered through security profiles, which in turn is dependent on the configuration of network enforcement policies as defined through security policy rules. Before enabling a DNS Security subscription service, it is recommended that you familiarize yourself core components of the security platform in which the security subscriptions are enabled. Refer to your product documentation for more information.

To enable and configure a DNS Security subscription service to function optimally within your network security deployment, refer to the tasks below. While it may not be necessary to implement all of the processes shown here, Palo Alto Networks recommends reviewing all of the tasks to familiarize yourself with the available options for a successful deployment. It is additionally recommended that you follow the best practices provided by Palo Alto Networks for the optimum usability and security.