With Palo Alto Networks DNS Security, sometimes the DNS clients don't work well, and they get disconnected, making it an area where improvements are required.

The solution can capture more market if made more cost-competitive than Infoblox or Cisco Umbrella. The solution’s DLP capabilities could be improved.

Pricing is one of the areas of concern in Palo Alto Networks DNS Security since it is an expensive product. I feel that the product's pricing is an area that could be improved.

The price of the product has always been high in general, but recently Palo Alto has further increased the price. My customers complained about the solution's price rise and also had to purchase a new hardware box. The prices for renewal of the product are also pretty high. My company had to explain to the customers that they would have to make certain payments towards the research required to improve the product.

The solution's technical support needs to improve and be faster to offer support to its customers on time. Palo Alto Networks should arrange for a tech support engineer to troubleshoot the issues faced by their customers.

No solution provides a hundred percent security, so that can be improved. For the scalability aspect, to cover up its shortcomings, they need to deploy more models in some areas, like SMBs.

The solution’s scalability could be improved.

Every vendor that sells DNS or firewalls needs to be able to protect against DNS look-up attacks and DNS naming hacks. This is true of Palo Alto as well as others.

The IDS and IPS should be built-in. With EDS and IDS, some are proud to have built-in IDS and IPS intrusion protection and intrusion detection as some vendors sell IDS and IPS separately. They shouldn't be separate. Instead of selling two products, it really should just be one.

The product is one step behind its competitors. The product should provide email protection. It should also introduce DLP features. It should provide an end-to-end platform.

We would like to have cloud-based management.

I would like to see integration with Cisco Meraki so that they can work together on DNS issues. 

I'm not really sure what needs improvement. The only hiccup I've really seen is a couple of the DNS requests get flagged as the Sophos traffic instead of DNS traffic, but that's more of their app detection in the DNS Security. I haven't really seen any issues with the DNS security.

There should be an on-premise version of this solution. There are companies that have asked for a solution that is on-premise. The reason for this is some companies might want to have control of where their traffic is going. For example, banking companies do not want their DNS queries or any such traffic to be sent over the cloud, because the cloud can be inside India or anywhere. This is why they might want the solution to be on-premise to allow them to have full control of the security.