The Advanced DNS Resolver is a standalone service that provides cloud-based DNS
resolution with real-time inspection capabilities to protect against DNS-based
threats.
The Advanced DNS Resolver service enhances
your DNS security posture by providing cloud-based DNS resolution and inspection
capabilities. This service allows you to forward your internet-bound DNS requests to
a secure resolver managed by Palo Alto Networks, offering both domain-to-IP
resolution and protection against DNS-based threats based on the Advanced DNS
Security cloud service.
Along with DNS request inspection that protects against standard DNS threats, the
resolver also offers real-time DNS response inspection to detect and prevent
advanced threats such as DNS hijacking and DNS configuration vulnerabilities.
Additionally, it can identify compromised DNS provider accounts, man-in-the-middle
attacks, and potential exploitation of NXDOMAINs. These features help safeguard your
organization against sophisticated DNS-based attacks and misconfigurations that
could lead to security breaches.
The ADNS Resolver supports multiple protocols, including DNS over UDP and TCP,
ensuring compatibility with various network configurations. It also provides
granular policy controls, allowing you to apply detailed security rules based on
network security requirements. The service includes comprehensive logging
capabilities, adhering to federal mandates for DNS logging, and offers detailed
visibility and reporting features.
The ADNS Resolver is designed to be highly available and low-latency, with support
for multiple protocols, including DNS over UDP and TCP. It offers comprehensive
logging using the Strata Cloud Manager log viewer and Activity Insights for incident
response. By using this service, you can enhance your DNS security, simplify your
security infrastructure, and gain better visibility into your DNS traffic, all while
maintaining compliance with data residency requirements and security mandates.