DNS Security Log Type Support

The Advanced DNS Security subscription now supports a unique log type specific to DNS-related events, enhancing visibility and reporting for both benign and malicious DNS traffic.
The new log type is tailored to DNS Security events and records comprehensive DNS transaction details, including query and response information. Previously, DNS Security logs were generated for DNS traffic defined as a DNS threat category and were filed under the Threat log type. With the new DNS Security log type, you can also configure the firewall to generate logs for benign DNS queries. The logs can be forwarded to external logging systems, including Palo Alto Networks Strata Logging Service, and are accessible through the log viewer and dashboard.
The DNS Security logs include essential fields such as session ID, receive time, source and destination information, DNS category, threat name, severity, and action taken. They also provide detailed DNS response data, including flags, query name, record type, resolved IP addresses, and TTL values. This logging enables you to identify compromised endpoints, assess potential risks to other clients, and perform retrospective analysis of DNS activity during security incidents. When the log type is enabled, you can capture logs for all DNS traffic, which allows more accurate analysis and improves your ability to detect, investigate, and respond to DNS-based threats during incident response.
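The retrospective analysis described above, sketched as an added example that is not part of the vendor documentation: given a domain classified as malicious after the fact, it finds every client that queried it (including queries logged as benign at the time) and other clients whose queries resolved to the same addresses. The record key names, category and action values, and sample data are hypothetical and constructed for illustration; they are not the product's actual log schema.

```python
from collections import defaultdict

def rec(receive_time, src, query_name, resolved_ips, dns_category, action):
    # Key names are hypothetical stand-ins for the fields the page lists,
    # not the product's actual log schema.
    return dict(receive_time=receive_time, src=src, query_name=query_name,
                resolved_ips=resolved_ips, dns_category=dns_category, action=action)

# Constructed sample records (documentation-reserved names and addresses).
SAMPLE_LOGS = [
    rec("2024-05-01T09:00:00", "10.0.0.5", "updates.bad-example.test", ["198.51.100.7"], "benign", "allow"),
    rec("2024-05-01T09:05:00", "10.0.0.8", "www.example.org", ["192.0.2.20"], "benign", "allow"),
    rec("2024-05-01T09:30:00", "10.0.0.9", "mirror.other-example.test", ["198.51.100.7"], "benign", "allow"),
    rec("2024-05-01T11:00:00", "10.0.0.5", "bad-example.test", [], "malware", "block"),
    rec("2024-05-01T11:02:00", "10.0.0.12", "Bad-Example.test.", [], "malware", "block"),
]

def in_domain(name, domain):
    """True if name is the domain or a subdomain (case and trailing dot ignored)."""
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def retrospective(logs, bad_domain):
    """Return (first_seen_by_client, related_names_by_client, ips) for a domain
    that was classified malicious after some clients had already queried it."""
    first_seen, ips = {}, set()
    for r in logs:
        if in_domain(r["query_name"], bad_domain):
            ips.update(r["resolved_ips"])
            prev = first_seen.get(r["src"])
            # ISO 8601 timestamps in one format compare correctly as strings.
            if prev is None or r["receive_time"] < prev:
                first_seen[r["src"]] = r["receive_time"]
    # Other clients at potential risk: different names, same resolved address.
    related = defaultdict(set)
    for r in logs:
        if not in_domain(r["query_name"], bad_domain) and ips & set(r["resolved_ips"]):
            related[r["src"]].add(r["query_name"])
    return first_seen, {s: sorted(n) for s, n in related.items()}, ips

if __name__ == "__main__":
    seen, related, ips = retrospective(SAMPLE_LOGS, "bad-example.test")
    print("queried the domain:", seen)
    print("resolved to the same IPs:", related)
```

The first pass only works because benign queries were logged: the 09:00 lookup by 10.0.0.5 predates the malicious classification and would not appear in a threat-only log.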