# Use DNS in Fusion Recursive DNS request and response logs are a valuable data source for network forensics. Fusion supports DNS log ingestion from **Amazon Web Services (AWS) Route 53** and **Google Cloud Platform (GCP)**. Support for Infoblox NIOS, Cisco Umbrella, and Azure Firewall DNS Proxy are on the product roadmap - if you are using one of these and would like to ingest it, reach out to Support. Combined with network flow metadata, Fusion becomes an even more robust system for network forensics, compromise detection, and network visibility. By analyzing the DNS requests made in your network, you can use Fusion to: * Reconstruct event timelines post-incident. * Improve mean time to resolve events through enhanced DNS and Flow data visualization. * Highlight patterns of communications with suspicious or malicious domains. * Identify DNS patterns indicative of malware or command and control servers. * Add DNS-specific fields in NQL for traffic forensic analysis. * Use detection models based on DNS traffic. * See dashboard visualizations and metrics for DNS activity in the network. ### Ingesting DNS Logs to Fusion See [Ingesting DNS Logs to Fusion](https://docs.netography.com/ingest-network-traffic-logs/dns-logs). ### Configure internal domains in Traffic Classification See [Ingesting DNS Logs to Fusion](https://docs.netography.com/ingest-network-traffic-logs/dns-logs) ### Using DNS in the Fusion Portal #### Terminology: Flow, DNS, and Traffic You may notice the terms **Flow**, **DNS**, and **Traffic** throughout the portal. * **Flow** only relates to network flow records. * **DNS** only relates to the DNS resolver records. * **Traffic** is the term used for the combination of **Flow** and **DNS**. #### Using DNS in the Global filter Click the filter button (the rounded button in the top-left of Portal that says **Flow**, **Traffic**, **DNS**, **Events**, or **Blocks**). to change the filter to **DNS** or **Traffic**. Changing the filter to **DNS** permits Fusion to perform operations related to DNS records. Changing the filter to **Traffic** permits Fusion to perform operations related to DNS **and** Flow records. ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-67d9fe6cdca1861fdaa9e0188cf796c9eb75bc95%2Ff86cfa0f2a5836605244b8ca88626b670ab0d34c3bc066a8dcb0dd61042e05f4.png?alt=media) #### Using DNS in Detection Models The **Traffic Type** field is present when you create or edit a detection model. Selecting **DNS** lets you build DNS-based detections. ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-713ab3ccf6e76fda2c1f8fedc199af01c9a0fa35%2F52f2fa8fbb3cb75bd33a28d0a32f85c5335cea511065248021d53a83561aa465.png?alt=media) #### Using DNS in Events When a Detection Model with **Traffic Type DNS** generates an event, the **traffic** column displays **DNS**. ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-8f245f74b13bf7b317f9f48203a4cda197ca75e9%2Fbafaac4e7c609d403aca5f8df316016ab571cf8a03e68a7a1d7db4bd5adc02a0.png?alt=media) #### Using DNS in Dashboards A new system dashboard named **DNS Overview** is now available. DNS can be used in individual Dashboard Widgets when you are creating or modifying a dashboard by selecting the category **DNS** or **Traffic**. ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-8f2ee00872e65d6f6bde38b6ea788d07483d7e2d%2F5c582b4542ae66f6ce02ba1397150c4e082ec619f48d79fae9270ec8bdb6354e.png?alt=media) ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-9fb5de0496356df01f30a57c9a5e1668d8064daa%2Fbeff7cb3a43f11cf039425041189dcf05178a1f284bb651a1a783f8bfd79483c.png?alt=media)