Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create and Manage DNS Profiles

Create a DNS profile to configure feeds and threat score to list the domains that are known to be connected to malicious activity.

  1. Click SRX > Security Subscriptions > SecIntel > Profiles.
    The SecIntel Profiles page appears.
  2. Select Create > DNS.
    The Create DNS Profile page appears.
  3. Complete the configuration according to the following guidelines:
    Table 1: Fields on the Create DNS Profile Page

    Field

    Action

    Name

    Enter a name for the DNS profile.

    The name must be a unique string of alphanumeric and special characters; 63-character maximum. Special characters such as < and > are not allowed.

    Description

    Enter a description for the DNS profile.

    Default action for all feeds

    Drag the slider to change the action to be taken for all the feed types. Actions are Permit (1 - 4), Log (5-6), and Block (7 - 10).

    Log will have the permit action and also logs the event.

    Specific action for feeds

    Do the following:

    1. Click + to define feeds and threat score to the DNS profile.

      The Add Feeds window appears.

    2. Enter the following details:

      1. Feeds—Select one or more feeds from the Available column and move it to the Selected column to associate with the DNS profile.

      2. Threat score—Drag the slider to change the action to be taken based on the threat score.

    3. Click OK.
    Block action

    Select one of the following block actions from the list:

    • Drop Packets—Device silently drops the session’s packet and the session eventually times out.

    • Sinkhole—DNS sinkhole action for malicious DNS queries. DNS Sinkhole feature enables you to block DNS requests for the disallowed domains by resolving the domains to a sinkhole server or by rejecting the DNS requests.
  4. Click OK to save the changes. To discard your changes, click Cancel.

    Once you create the DNS profile, you can associate it with the SecIntel profile groups.

Manage DNS Profiles

  • Edit—Select the profile, and then click . If the profile is referenced in a firewall policy intent, then the firewall policy is marked for deployment. You must deploy the firewall policy for the changes to take effect on the device.

  • Clone—Select the profile, and then click More > Clone.

  • Delete—Select the profile, and then click .

Related Documentation