https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/378594#M89497 <P>Hi,</P><P>&nbsp;</P><P>We have this fqdn object created:&nbsp;</P><P>2021-01-08 12:26:14.872 +0100 dnscfgmod: Fqdn SIEMENS OWNCLOUD SERVER/cco.siemens.com could not be resolved</P><P>&nbsp;</P><P>If i run a ping from MGMT A interface is resolving:</P><P>ping host cco.siemens.com<BR />PING cco.siemens.com (<STRONG>212.231.11.154</STRONG>) 56(84) bytes of data.</P><P>&nbsp;</P><P>The DNS is OK, reachable, and resolving.</P><P>&nbsp;</P><P>If i go to the web and clik solve in the object is also resolving:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dns.JPG" style="width: 593px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29436i2380110B33199219/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="dns.JPG" alt="dns.JPG" /></span></P><P>&nbsp;</P><P>But in FQDN list is not resolving so the rule is not applying.</P><P>&nbsp;</P><P>request system fqdn show:</P><P>cco.siemens.com (Objectname SIEMENS SERVER):</P><P>Not resolved</P><P>&nbsp;</P><P>WHy is happening this? any file to check deep tshooting?</P><P>&nbsp;</P> Fri, 08 Jan 2021 12:44:26 GMT BigPalo 2021-01-08T12:44:26Z https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/378594#M89497 <P>Hi,</P><P>&nbsp;</P><P>We have this fqdn object created:&nbsp;</P><P>2021-01-08 12:26:14.872 +0100 dnscfgmod: Fqdn SIEMENS OWNCLOUD SERVER/cco.siemens.com could not be resolved</P><P>&nbsp;</P><P>If i run a ping from MGMT A interface is resolving:</P><P>ping host cco.siemens.com<BR />PING cco.siemens.com (<STRONG>212.231.11.154</STRONG>) 56(84) bytes of data.</P><P>&nbsp;</P><P>The DNS is OK, reachable, and resolving.</P><P>&nbsp;</P><P>If i go to the web and clik solve in the object is also resolving:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dns.JPG" style="width: 593px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29436i2380110B33199219/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="dns.JPG" alt="dns.JPG" /></span></P><P>&nbsp;</P><P>But in FQDN list is not resolving so the rule is not applying.</P><P>&nbsp;</P><P>request system fqdn show:</P><P>cco.siemens.com (Objectname SIEMENS SERVER):</P><P>Not resolved</P><P>&nbsp;</P><P>WHy is happening this? any file to check deep tshooting?</P><P>&nbsp;</P> Fri, 08 Jan 2021 12:44:26 GMT https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/378594#M89497 BigPalo 2021-01-08T12:44:26Z https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/378792#M89513 <P>Which PAN OS you are running?</P> <P>Do you have issue only with this FQDN or other FQDN's also?</P> <P>&nbsp;</P> <P>For me it is resolving</P> <P>show dns-proxy fqdn all</P> <P>FQDN Table : Request time 2021-01-09 20:56:53<BR />--------------------------------------------------------------------------------<BR />IP Address<BR />--------------------------------------------------------------------------------</P> <P>VSYS : (using mgmt-obj dnsproxy object)<BR />Shared<BR />vsys1</P> <P>cco.siemens.com<BR />212.231.11.154<BR />:: unknown</P> <P>&nbsp;</P> <P>Normally this happens if IP in Security Rule does not match the FQDN IP address.</P> <P><SPAN>Sometimes&nbsp; FQDN object&nbsp; not refreshing properly.</SPAN></P> <P><SPAN>Also Check traffic logs to see which rule it is hitting.</SPAN></P> <P>Double check your security policy rule.</P> <P>Also try this from CLI</P> <P>&nbsp;</P> <P>request system fqdn refresh</P> <P>&nbsp;</P> <P>Regards</P> <P>&nbsp;</P> Sat, 09 Jan 2021 21:03:54 GMT https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/378792#M89513 MP18 2021-01-09T21:03:54Z https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/378889#M89524 <P>Hi,</P><P>&nbsp;</P><P>The PanOS is old, we will upgrade during this month. Current PanOS is 8.0.x</P><P>&nbsp;</P><P>We dont use dns-proxy. We run command: request system fqdn show&nbsp;</P><P>in order to see the fqdn resolved</P> Mon, 11 Jan 2021 08:46:02 GMT https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/378889#M89524 BigPalo 2021-01-11T08:46:02Z https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/522770#M108284 <P>I had the same issue; support fixed it by running the below commands, commands only impact management plane but not impacting the actual traffic, we did it during business hours without impact to the users.</P> <P>&nbsp;</P> <P>&gt; debug software restart process device-server<BR />&gt; debug software restart process management-server</P> <P>&nbsp;</P> <P>hope this help.</P> <P>Mustafa</P> Tue, 29 Nov 2022 19:00:54 GMT https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/522770#M108284 Mustafa83 2022-11-29T19:00:54Z https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/526252#M108778 <P>This seems like a bug that causes crashes or/and memory leaks and till it is fixed maybe you can run a script using tools like Ansible or XSOAR to periodically restart the process or the managment plane:</P> <P>&nbsp;</P> <P><A href="https://paloaltonetworks.github.io/pan-os-ansible/modules/panos_op_module.html" target="_blank" rel="noopener nofollow noreferrer">https://paloaltonetworks.github.io/pan-os-ansible/modules/panos_op_module.html</A></P> <P>&nbsp;</P> <P><A href="https://xsoar.pan.dev/docs/reference/integrations/panorama" target="_blank" rel="noopener nofollow noreferrer">https://xsoar.pan.dev/docs/reference/integrations/panorama</A></P> Sun, 08 Jan 2023 09:04:00 GMT https://live.paloaltonetworks.com/t5/general-topics/fqdn-object-not-resolved/m-p/526252#M108778 nikoolayy1 2023-01-08T09:04:00Z