topic Duplicate DNS packets in Next-Generation Firewall Discussions

Duplicate DNS packets

MattThomas — Thu, 06 Nov 2025 22:56:27 GMT

I'm encountering and issue where we are seeing duplicate DNS (UDP) packets coming out of the palo to the resolving server. Specifically TXT records with multiple packets at the server (resolver) side vs. the normal request/response. At the client side we see the normal request response (2 packets). The server side there are up to 6 packets for the same request.

Re: Duplicate DNS packets

Elwin3 — Fri, 07 Nov 2025 12:37:59 GMT

Hi,

that usually happens when DNS inspection or ALG is enabled and the firewall re-transmits or duplicates packets as part of its flow handling. Palo Alto can resend UDP requests if it doesn’t see a quick response or if session aging is aggressive.

Check whether DNS Security or UDP session timeout is causing retries. You can also disable DNS proxy inspection on that policy to confirm if the duplication stops.

Re: Duplicate DNS packets

MattThomas — Tue, 25 Nov 2025 17:55:11 GMT

DNS proxy inspection is not enabled.

UDP session timeout is set for 60seconds