DNS DGA Detection Overview

A Domain Name System (DNS) Domain Generation Algorithm (DGA) generates seemingly random domain names that are used as rendezvous points with potential command-and-control (C&C) servers. DNS DGA detection uses machine learning models together with known, pre-computed DGA domain names to provide domain verdicts, which help with in-line blocking and sinkholing of DNS queries on SRX Series Firewalls.

Juniper ATP Cloud provides a machine learning-based DGA detection model. The SRX Series Firewall acts as a collector of security metadata and streams the metadata to Juniper ATP Cloud for DGA analysis. We use both the ATP Cloud service and the security-metadata-streaming framework to conduct DGA inspection in the cloud.
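The verdict logic described above combines a lookup against known pre-computed DGA names with a model score; the following added example sketches that combination and is not Juniper's code or the ATP Cloud model. The hand-set lexical thresholds stand in for a trained model, and the domain list, function names and `.example` samples are constructed for illustration.

```python
import math
from collections import Counter

# Constructed stand-in for a feed of pre-computed DGA domain names.
KNOWN_DGA = {"qwmzlkxnpr.example", "hx3f9q0zt7.example"}
VOWELS = set("aeiou")

def normalize(qname: str) -> str:
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")

def registrable_label(domain: str) -> str:
    # Assumption: single-label TLD. Production code should consult the
    # Public Suffix List to find the registrable domain.
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def dga_score(label: str) -> int:
    """Count how many 'random-looking' indicators the label trips (0-5)."""
    if not label:
        return 0
    n = len(label)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(label).values())
    vowel_ratio = sum(ch in VOWELS for ch in label) / n
    digit_ratio = sum(ch.isdigit() for ch in label) / n
    run = longest_run = 0
    for ch in label:  # longest run of consecutive consonants
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        longest_run = max(longest_run, run)
    # Thresholds are illustrative assumptions, not trained values.
    return sum([entropy >= 3.5, n >= 12, vowel_ratio < 0.25,
                digit_ratio > 0.2, longest_run >= 5])

def verdict(qname: str, threshold: int = 3) -> str:
    """Known-list hit wins; otherwise fall back to the lexical score."""
    domain = normalize(qname)
    if domain in KNOWN_DGA:
        return "known-dga"
    if dga_score(registrable_label(domain)) >= threshold:
        return "suspected-dga"
    return "clean"

if __name__ == "__main__":
    # Constructed sample queries.
    for q in ["juniper.net", "QWMZLKXNPR.example.",
              "xkq7vbz9wplmt3rd.example", "advancedthreatprevention.example"]:
        print(f"{q:40} {verdict(q)}")
```

Long but pronounceable names stay below the threshold because they trip the length indicator only, which is why a single feature such as length or entropy is not used on its own.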

DNS DGA detection is available only with an ATP Cloud premium license.

To view DNS DGA detections, log in to the Juniper ATP Cloud Web portal and navigate to Monitor > DNS. The DGA detections are displayed as shown in Figure 1.

Figure 1: DNS DGA Page

To enable DNS DGA detections on SRX Series Firewalls, see the Juniper Advanced Threat Prevention Cloud Administration Guide.

Note:

Domain Name System Security Extensions (DNSSEC) and Extension Mechanisms for DNS (EDNS) queries are dropped by default.