How To Block a Specific DNS Query
38331
Created On 04/08/19 05:18 AM - Last Modified 05/15/20 21:33
Objective
Preventing the client from resolving the DNS record of www.example.com.
Environment
PAN-OS Any
Procedure
1. From Objects > Application > Add
Configuration Tab:
Name: DNS-example-stop
Category: general-internet
Subcategory: Internet-utility
Technology: client-server
Parent App: DNS
Advanced Tab:
Defaults: Port
Port: udp/53
Signature: click Add
Signature Name: example-blocking
Click Add Or Condition
Operator: Pattern Match
Context: dns-req-section
Pattern: www.example.com
2. Click OK to submit the changes
3. Apply the above application to the appropriate security policy
Additional Information
NOTE:
- The pattern has to match at least 7 continuous bytes or the validation will fail.
- For example: www.google.com (longest literal run "google", 6 bytes) will not pass the validation, but www.facebook.com ("facebook", 8 bytes) will work.
- www\.google\.com will pass the validation, but it will not block the DNS query: in the DNS question section the name is carried as length-prefixed labels (\x03www\x06google\x03com) with no literal '.' bytes, so an unescaped '.' in the pattern matches the label-length byte, while an escaped '\.' matches nothing in the query.
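The following added example (not PAN-OS code and not from this article) makes the notes above concrete: it encodes a query name the way it appears on the wire in the DNS question section, applies the custom-signature pattern to it as a byte regex, and models the 7-contiguous-literal-byte rule with a simple counter. The `longest_literal_run` helper is an assumption about how the validator counts bytes, written only to reproduce the three cases the article gives; the sample queries are constructed.

```python
import re
import struct


def encode_qname(name: str) -> bytes:
    """Encode a domain name as a DNS wire-format QNAME (RFC 1035, section 3.1):
    each label is prefixed by its length byte; a zero byte terminates the name."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        encoded = label.encode("ascii")
        if not 0 < len(encoded) < 64:
            raise ValueError(f"bad label: {label!r}")
        out.append(len(encoded))
        out += encoded
    out.append(0)
    return bytes(out)


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed standard query for an A record: 12-byte header followed by
    the question section (QNAME, QTYPE=A, QCLASS=IN). This is the part of the
    request a dns-req-section pattern is applied to."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    question = encode_qname(name) + struct.pack("!HH", 1, 1)
    return header + question


def longest_literal_run(pattern: str) -> int:
    """Longest run of pattern bytes that are plain literals (assumption: a rough
    model of the 7-contiguous-byte validation, not the firewall's validator).
    An escaped metacharacter counts as one literal byte; an unescaped
    metacharacter such as '.' breaks the run."""
    best = run = 0
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            run += 1            # '\.' is a literal '.' on the wire
            i += 2
        elif ch in ".*+?[]()|^$":
            run = 0             # unescaped metacharacter: not a fixed byte
            i += 1
        else:
            run += 1
            i += 1
        best = max(best, run)
    return best


def passes_validation(pattern: str) -> bool:
    """True when the pattern has at least 7 contiguous literal bytes."""
    return longest_literal_run(pattern) >= 7


def pattern_matches_query(pattern: str, queried_name: str) -> bool:
    """Apply the signature pattern as a byte regex to the constructed DNS request,
    as a dns-req-section context match would see it."""
    packet = build_dns_query(queried_name)
    return re.search(pattern.encode("ascii"), packet, re.DOTALL) is not None


if __name__ == "__main__":
    for pattern in ("www.example.com", "www.google.com", "www.facebook.com", r"www\.google\.com"):
        target = pattern.replace("\\", "")
        print(f"{pattern:20} validates={passes_validation(pattern)!s:5} "
              f"matches {target}={pattern_matches_query(pattern, target)}")
```

Two things worth checking before deploying such a signature: the unescaped '.' is why `www.example.com` matches the wire-format name at all (it consumes the label-length byte), and because the match is a substring search it also fires on longer names that contain the pattern, for example `www.example.company` or `www.example.com.test`, so confirm the overblocking is acceptable for the policy the application is attached to.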