This article is based on a discussion, Unable to resolve FQDN after upgrading PAN OS to 10.1.5 - " ping: unknown host FQDN", posted by @Shakemustafa. Read on to see the discussion and solution!
We have recently upgraded a PA-820 to PAN-OS 10.1.5. After that, we observed we cannot resolve any FQDN from the firewall.
* We have verified the DNS setting Device > Setup > Services > Primary as 188.8.131.52 and local.
* We have tested by changing the service route of DNS to LAN, WAN, and default, and allowed complete access in policy, but still no use.
* We have restarted the MGMT server and DNS-Proxy process, but still no use; we are getting the error "ping: unknown host FQDN".
* Also observed that it is working fine on machines behind this firewall. We are only unable to resolve from the firewall CLI.
Can anyone please help me to address this issue?
This behavior is observed on PAN 10.1.6. There is no target fix for this bug at the time of this writing.
The resolution is either to remove the domain name (if not required) or, if it is required, to make sure it does not contain any space.
The issue was due to an invalid domain name string configured on the firewall under General setting>>Domain.
Device --> Setup --> Management --> General Settings --> Domain -->
We removed the domain and the issue got fixed.
Recently a fix was added to validate all hostname/domain name strings from sysdagent. Hence it is quite possible that this string was accepted in earlier versions.
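
A pre-upgrade check along these lines, as an added example that is not from the original discussion or from Palo Alto Networks: it scans an exported configuration for a domain value that contains whitespace or otherwise malformed labels. The `deviceconfig/system/domain` element path, the RFC 1123 rules used as a stand-in for the firewall's own validation, and the sample XML are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
# Assumption: used here as a stand-in, not the firewall's actual validation logic.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def domain_problems(value):
    """Return the reasons why value is not a clean domain string (empty list if OK)."""
    if not value:
        return []  # an unset domain is the working state described on the page
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
    name = value.strip().rstrip(".")
    if re.search(r"\s", name):
        problems.append("embedded whitespace")
    if len(name) > 253:
        problems.append("longer than 253 characters")
    for label in name.split("."):
        # Labels containing whitespace are already reported above.
        if not re.search(r"\s", label) and not LABEL.match(label):
            problems.append(f"invalid label {label!r}")
    return problems


def check_config(xml_text):
    """Return (domain value, problems) for each bad domain in an exported config."""
    findings = []
    root = ET.fromstring(xml_text)
    for devcfg in root.iter("deviceconfig"):
        node = devcfg.find("system/domain")  # assumed element path
        if node is not None and domain_problems(node.text):
            findings.append((node.text, domain_problems(node.text)))
    return findings


# Constructed sample: a domain with an embedded space.
SAMPLE = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><system><hostname>fw01</hostname>
<domain>corp example.com</domain></system></deviceconfig>
</entry></devices></config>"""

if __name__ == "__main__":
    for value, problems in check_config(SAMPLE):
        print(f"domain {value!r}: {', '.join(problems)}")
```

Running it against a configuration export before an upgrade flags a value that an older release accepted but a release with the stricter string validation may not.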