I'm looking on how to configure DNS proxy on PAN and found below link that provide great information.
However, it does not cover the design that I want for DNS resolution and protect our internal DNS servers.
- I would like to check if anyone has done configuring their internal DNS server to use PAN (DNS Proxy configuration) as a DNS forwarder to resolved all external DNS??
- PAN DNS Proxy will have entry for public DNS server coming from our local ISP server provider at the same time PAN firewall is configured to forward DNS resolution bound for our local domain resolution
- Using the above setup, I can protect my internal DNS since all external DNS resolution will be coming from PAN Firewall.
Any information or ideas are highly appreciated
You can configure your DHCP to tell your clients to have the internal interface of the firewall as their DNS. Then use DNS Proxy to handle the DNS resolution. You can also deploy a security policy to Deny all dns requests going to the outside (from anyone except the firewall), and only let users resolve DNS if they use your firewall's trust interface.
Thanks for the information. Deploying the PAN internal Interface as the DNS for all DHCP client will not scale out and it's adds up additional time for DNS resolution for internal networks.
Reading all the discussion about DNS forwarding in this forum provide me great information including the one that you mention.
1. I've decided to configure our internal DNS server to have a DNS forwarder point to PAN Internal Network for Internet (external) DNS Resolution and query data to our ISP Public DNS.
2. External DNS will only communicating for all DNS resolution via PAN DNS Proxy.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!