topic Re: Pan OS 4.1, DNS-Proxy Problems in General Topics

Pan OS 4.1, DNS-Proxy Problems

Retired Member — Fri, 25 Nov 2011 07:40:57 GMT

Hallo,

I configured a PA500 with Pan OS 4.1 wit the WAN interface as DHCP-Client and default route to this interface.

In DNS-Proxy settings I configured a DNS-Proxy with inherit source the wan if. Primary and secondary DNS is inherited and the dns proxy is aktivated for the internal interface. A firewall rule gives all users access to the dns-proxy for name resolution an the PA is allowed from wan to wan for dns. In traffic monitor I can see, that users gain acces to the dns proxy. But the PA want's to go out for dns resolution with the internal if. So I have to configure a rule to give the internal if access to external. Thats not practicible. At the and I hae to give 25 internal interfaces acces to external DNS.

On a second appliance without DHCP on the WAN-interface it works like expected. The PA works realy as a proxy. User have acces to the PA for DNS and the PA gos out for DNS Requests wit his external interfaces.

Regards

Robert

Re: Pan OS 4.1, DNS-Proxy Problems

Bart_Jocque — Fri, 25 Nov 2011 12:19:40 GMT

You can change this under Device/Setup/"Service Router Configuration"

Here you can specify the interface to be used for DNS resolution.

Re: Pan OS 4.1, DNS-Proxy Problems

conglin — Fri, 02 Dec 2011 10:06:14 GMT

Hello,

Thank you for the advise, I changed the interface to use for DNS request as the external one but in the logs, I still can see that the DNS request are from the internal interface (matching the security rule I've created for this purpose, i.e. interface interface to public DNS server).

I am running PAN-OS 4.1.0.

Any idea?

Thank you very much!