DNS performs a crucial role in enabling user access
to network resources so that users need not remember IP addresses
and individual computers need not store a huge volume of domain
names mapped to IP addresses. DNS employs a client/server model;
a DNS server resolves a query for a DNS client by looking up the
domain in its cache and if necessary sending queries to other servers
until it can respond to the client with the corresponding IP address.
The DNS structure of domain names is hierarchical; the top-level
domain (TLD) in a domain name can be a generic TLD (gTLD): com,
edu, gov, int, mil, net, or org (gov and mil are for the United
States only) or a country code (ccTLD), such as au (Australia) or
us (United States). ccTLDs are generally reserved for countries
and dependent territories.
A fully qualified domain name (FQDN) includes at a minimum a
host name, a second-level domain, and a TLD to completely specify
the location of the host in the DNS structure. For example, www.paloaltonetworks.com
is an FQDN.
Wherever a Palo Alto Networks firewall uses an FQDN in the user
interface or CLI, the firewall must resolve that FQDN using DNS.
Depending on where the FQDN query originates, the firewall determines
which DNS settings to use to resolve the query. The following firewall
tasks are related to DNS:
DNS Monitoring, which allows the firewall to automatically
share domain-to-IP address mappings based on your network traffic
with Palo Alto Networks. The Palo Alto Networks threat research
team uses this information to gain insight into malware propagation
and evasion techniques that abuse the DNS system.
an Interface as a DHCP Server. This enables the firewall
to act as a DHCP Server and sends DNS information to its DHCP clients
so the provisioned DHCP clients can reach their respective DNS servers.