We changed our name from IT Central Station: Here's why

What advice do you have for others considering Palo Alto Networks DNS Security?

If you were talking to someone whose organization is considering Palo Alto Networks DNS Security, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
33 Answers

author avatar
Top 5LeaderboardReseller

My advice to those wanting to implement Palo Alto Next-generation Firewalls, VM-Series, K2, or any other firewall from Palo Alto, I would recommend them to enable DNS Security. I rate Palo Alto Networks DNS Security a nine out of ten.

author avatar
Top 5Real User

We are customers and end-users. I'm not sure which version of the solution we're using. I'm currently during training with new virtual firewalls. DNS is a very ancient protocol. The protocol 53 and the UCP and so on, and ARP. We need to review that architecture due to the way we do networking is open to hacking. People can poison the cache, and therefore we need to look at a way of doing away with ARP, doing away with the UCP and having, let's say, the address convert automatically into the IP address and do away with IP version 6. IP version 6 was a total mess. Although the protocol works, it consumes too much overhead and it's too much of a fat protocol. It uses 64 bit, 128 bit, hex addressing at the Mac layer and also at the network layer when using hex. We need to stick with expanding IP version 4, data in notation. That works at a human level better than working at the network layer. When you use, let's say, IP version 6 it is very difficult to troubleshoot. It's a lot easier to troubleshoot IP version 4, that it's decimal and hex at the network layer. It's a lot easier to identify patterns, easier for the eye to be able to recognize that something is negative or to understand how protocols are working or how routing is working. Right now, most companies operate with all the DNS. What's surrounding the DNS are the firewalls, intrusion protection and detection, load balancing, fault tolerance et cetera. Other than that, we don't have a secure DNS. That's why we need to reinvent networking. We need to switch to a new method of networking, where we have a truly secure DNS. Without the DNS the internet does not work. That's like having a store open to pirates. DNS is the best thing that has been invented, as far as the internet goes, as that's what allows the browsers to work, that's what allows network solutions to work. Without it we're dead. I'd rate the solution at an eight out of ten.

author avatar
Top 5LeaderboardReal User

For us, this is the best product that we have used. Nonetheless, I will recommend it only once they have integration with Cisco Meraki so that the two technologies can work together. I would rate this solution a nine out of ten.

Learn what your peers think about Palo Alto Networks DNS Security. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,599 professionals have used our research since 2012.