Configuring DNS proxy - interface is invalid

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Configuring DNS proxy - interface is invalid

L1 Bithead

I have network sub interface with DHCP enabled, I'm trying to attach DNS proxy to it because I need to resolve a name which is not resolved by the DNS server we are using (say 8.8.8.8) but I'm getting erros:

 

  • Details:
  • . Validation Error:
  • . network -> dns-proxy -> TV_DNS_INTERNO -> interface 'ethernet1/7.302' is already in use
  • . network -> dns-proxy -> TV_DNS_INTERNO -> interface is invalid
  • . Commit failed

TV_DNS_INTERNO is shared but I also get erros when it's vsys.

 

I also have doubts regarding how dns proxy works, should I set the IP of this sub-interface as the DNS to my clients?


Thank you.

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hello,

You need to use the interface that is configured with the vlan's IP. My guess is that the interface you are using is setup as a L2 insteaf of a L3. Do you have a vlan interface that is setup as a L3? If yes then try and use it.

 

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/networking/dns/use-case-3-firewall-a...

 

Check step 4. the physical interface doesnt have to be L3 but the vlan should have a L3 interface so it can route the packets.

 

Hope that helps.

View solution in original post

1 REPLY 1

Cyber Elite
Cyber Elite

Hello,

You need to use the interface that is configured with the vlan's IP. My guess is that the interface you are using is setup as a L2 insteaf of a L3. Do you have a vlan interface that is setup as a L3? If yes then try and use it.

 

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/networking/dns/use-case-3-firewall-a...

 

Check step 4. the physical interface doesnt have to be L3 but the vlan should have a L3 interface so it can route the packets.

 

Hope that helps.

  • 1 accepted solution
  • 3217 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!