Custom Application IDs and Signatures
    : dns-req-section
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Custom Application IDs and Signatures
    4. Custom Application and Threat Signatures
    5. Custom Signature Contexts
    6. String Contexts
    7. dns-req-section
    Download PDF

    Custom Application IDs and Signatures

    dns-req-section

    Table of Contents

    dns-req-section

    This context matches the DNS questions of a DNS query so that patterns can be written against one or more domains in a given DNS query.

    Additional Details

    This context is a direct pattern match against the format of a DNS query, so patterns must adhere to the DNS question structure. A recommended approach to create a DNS pattern is to capture the DNS request with Wireshark and copy the DNS Request field (make sure to remove the ending period in the request).

    Context Capture

    This example illustrates how to build a signature for a DNS query for the domain www.thebayareagamers.com.
    The Wireshark representation of the above table. Everything highlighted yellow and blue is provided by this context. The blue section is where the hexadecimal string is pulled from for the above table.

    © 2024 Palo Alto Networks, Inc. All rights reserved.