Inaccurate result that affected by local firewall, like Palo Alto Networks firewall DNS Sinkhole.

PeterDaveHello / chkdomain

🔍 Discover if a domain is resolvable or blocked by secure DNS and Ad-blocking services, and experience the innovative idea of DaaS - DNS as an Intelligence Service.

GNU General Public License v3.0

71 stars 14 forks source link

Inaccurate result that affected by local firewall, like Palo Alto Networks firewall DNS Sinkhole. #1

Closed PeterDaveHello closed 2 years ago

PeterDaveHello commented 2 years ago

Palo Alto Networks firewall can intercept the DNS query, and then forge response for known malicious domain, which will cause the result to be inaccurate.

Though the DNS Sinkhole can be changed to any IP address, by default, it will be sinkhole.paloaltonetworks.com., which is a recognizable pattern, should be detected, and show some prompt message.

PeterDaveHello commented 2 years ago

Reference:

PAN-OS® Administrator’s Guide - How DNS Sinkholing Works
- https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/dns-sinkholing
Palo Alto Networks Knowledge Base - What are suspicious DNS queries?
- https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5kCAC