topic Trying the DNSProxy feature for Static Response in General Topics https://live.paloaltonetworks.com/t5/general-topics/trying-the-dnsproxy-feature-for-static-response/m-p/1244577#M125755 <P>Hie,</P> <P>&nbsp;</P> <P>Situation - Wanted to kaminsky the DNS Responses for my client from the FW<BR />Complication - None of the dig are responded</P> <P>Need your help on this?</P> <P>Client Requests for Promise/Spoofed IP</P> <P>keviv@keviv-VMware-Virtual-Platform:~$ ifconfig ens37<BR />ens37: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500<BR />inet 192.168.21.21 netmask 255.255.255.0 broadcast 192.168.21.255<BR />inet6 fe80::355a:6e06:90e9:6b84 prefixlen 64 scopeid 0x20&lt;link&gt;<BR />ether 00:0c:29:80:6e:57 txqueuelen 1000 (Ethernet)<BR />RX packets 7725 bytes 677203 (677.2 KB)<BR />RX errors 0 dropped 0 overruns 0 frame 0<BR />TX packets 7358 bytes 686142 (686.1 KB)<BR />TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</P> <P>keviv@keviv-VMware-Virtual-Platform:~$ dig @192.168.20.130 fallout.gcc<BR />;; communications error to 192.168.20.130#53: timed out<BR />;; communications error to 192.168.20.130#53: timed out<BR />;; communications error to 192.168.20.130#53: timed out</P> <P>; &lt;&lt;&gt;&gt; DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu &lt;&lt;&gt;&gt; @192.168.20.130 fallout.gcc<BR />; (1 server found)<BR />;; global options: +cmd<BR />;; no servers could be reached<BR />keviv@keviv-VMware-Virtual-Platform:~$ dig @192.168.21.20 fallout.gcc<BR />;; communications error to 192.168.21.20#53: timed out<BR />;; communications error to 192.168.21.20#53: timed out<BR />;; communications error to 192.168.21.20#53: timed out</P> <P>; &lt;&lt;&gt;&gt; DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu &lt;&lt;&gt;&gt; @192.168.21.20 fallout.gcc<BR />; (1 server found)<BR />;; global options: +cmd<BR />;; no servers could be reached<BR />keviv@keviv-VMware-Virtual-Platform:~$</P> <P>Firewall Config</P> <P>admin@panama# show network dns-proxy astroid<BR />astroid {<BR />cache {<BR />max-ttl {<BR />enabled no;<BR />}<BR />enabled yes;<BR />}<BR />tcp-queries {<BR />enabled no;<BR />}<BR />static-entries {<BR />cachepoisioning {<BR />address 192.168.20.129;<BR />domain fallout.gcc;<BR />}<BR />}<BR />interface [ ethernet1/1 ethernet1/2];<BR />default {<BR />primary 192.168.20.130;<BR />}<BR />enabled yes;<BR />}<BR />[edit]<BR />admin@panama#</P> <P>admin@panama&gt; show interface ethernet1/1<BR />Interface IP address: 192.168.20.130/24</P> <P>admin@panama&gt; show interface ethernet1/2<BR />Interface IP address: 192.168.21.20/24</P> <P>admin@panama&gt; show dns-proxy cache name astroid</P> <P>Name: astroid<BR />Cache settings:<BR />cache-edns: enabled<BR />entries: 0<BR />Domain IP/Name Type Class TTL Hits<BR />-----------------------------------------------------------------------------------------------------------------------------</P> <P><BR /><A href="mailto:admin@panama&gt;" target="_blank">admin@panama&gt;</A></P> <P>&nbsp;</P> <P>There is currently all allow policy ord.<BR /><BR />Any suggestions or hint will be welcomed.&nbsp;<BR />Chao</P> Wed, 24 Dec 2025 19:59:42 GMT ocpfn4 2025-12-24T19:59:42Z Trying the DNSProxy feature for Static Response https://live.paloaltonetworks.com/t5/general-topics/trying-the-dnsproxy-feature-for-static-response/m-p/1244577#M125755 <P>Hie,</P> <P>&nbsp;</P> <P>Situation - Wanted to kaminsky the DNS Responses for my client from the FW<BR />Complication - None of the dig are responded</P> <P>Need your help on this?</P> <P>Client Requests for Promise/Spoofed IP</P> <P>keviv@keviv-VMware-Virtual-Platform:~$ ifconfig ens37<BR />ens37: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500<BR />inet 192.168.21.21 netmask 255.255.255.0 broadcast 192.168.21.255<BR />inet6 fe80::355a:6e06:90e9:6b84 prefixlen 64 scopeid 0x20&lt;link&gt;<BR />ether 00:0c:29:80:6e:57 txqueuelen 1000 (Ethernet)<BR />RX packets 7725 bytes 677203 (677.2 KB)<BR />RX errors 0 dropped 0 overruns 0 frame 0<BR />TX packets 7358 bytes 686142 (686.1 KB)<BR />TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</P> <P>keviv@keviv-VMware-Virtual-Platform:~$ dig @192.168.20.130 fallout.gcc<BR />;; communications error to 192.168.20.130#53: timed out<BR />;; communications error to 192.168.20.130#53: timed out<BR />;; communications error to 192.168.20.130#53: timed out</P> <P>; &lt;&lt;&gt;&gt; DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu &lt;&lt;&gt;&gt; @192.168.20.130 fallout.gcc<BR />; (1 server found)<BR />;; global options: +cmd<BR />;; no servers could be reached<BR />keviv@keviv-VMware-Virtual-Platform:~$ dig @192.168.21.20 fallout.gcc<BR />;; communications error to 192.168.21.20#53: timed out<BR />;; communications error to 192.168.21.20#53: timed out<BR />;; communications error to 192.168.21.20#53: timed out</P> <P>; &lt;&lt;&gt;&gt; DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu &lt;&lt;&gt;&gt; @192.168.21.20 fallout.gcc<BR />; (1 server found)<BR />;; global options: +cmd<BR />;; no servers could be reached<BR />keviv@keviv-VMware-Virtual-Platform:~$</P> <P>Firewall Config</P> <P>admin@panama# show network dns-proxy astroid<BR />astroid {<BR />cache {<BR />max-ttl {<BR />enabled no;<BR />}<BR />enabled yes;<BR />}<BR />tcp-queries {<BR />enabled no;<BR />}<BR />static-entries {<BR />cachepoisioning {<BR />address 192.168.20.129;<BR />domain fallout.gcc;<BR />}<BR />}<BR />interface [ ethernet1/1 ethernet1/2];<BR />default {<BR />primary 192.168.20.130;<BR />}<BR />enabled yes;<BR />}<BR />[edit]<BR />admin@panama#</P> <P>admin@panama&gt; show interface ethernet1/1<BR />Interface IP address: 192.168.20.130/24</P> <P>admin@panama&gt; show interface ethernet1/2<BR />Interface IP address: 192.168.21.20/24</P> <P>admin@panama&gt; show dns-proxy cache name astroid</P> <P>Name: astroid<BR />Cache settings:<BR />cache-edns: enabled<BR />entries: 0<BR />Domain IP/Name Type Class TTL Hits<BR />-----------------------------------------------------------------------------------------------------------------------------</P> <P><BR /><A href="mailto:admin@panama&gt;" target="_blank">admin@panama&gt;</A></P> <P>&nbsp;</P> <P>There is currently all allow policy ord.<BR /><BR />Any suggestions or hint will be welcomed.&nbsp;<BR />Chao</P> Wed, 24 Dec 2025 19:59:42 GMT https://live.paloaltonetworks.com/t5/general-topics/trying-the-dnsproxy-feature-for-static-response/m-p/1244577#M125755 ocpfn4 2025-12-24T19:59:42Z