Re: Palo Alto firewalls and DNS delays

["Myers, Rick" <rick.myers () TXSTATE EDU>]

Another +1 for a PA user list

Rick Myers
Information Security Analyst
VP for Information Technology 
Texas State University-San Marcos


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julian Y 
Koh
Sent: Tuesday, March 12, 2013 7:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Palo Alto firewalls and DNS delays

[Side Note: Anyone want to start up a mailing list for PA users, like the one that Stanford runs for PacketShaper users 
and the one run by UNC for TippingPoint users?]

For those people running PA firewalls, has anyone seen an issue where DNS queries get delayed through the box by 
anywhere from 1-5 seconds?  We've got a case open with PA, but I thought we'd just cast a quick line out here to see if 
we caught anything on it.  

My gut feeling is that somehow the box is trying to do some reputation or botnet C&C lookup, but supposedly that was 
turned off during testing with no change in behavior.

We're running 5060s with 4.1.11 software.  

Thanks in advance!


--
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: <http://www.it.northwestern.edu/> PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>