Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-01-2014 08:00 AM
Hi All,
I need to send DHCP option 119 to my clients that are using the Palo Alto as their DHCP server.
Please can you confirm whether this is possible or not?
Thanks,
Jaggie
07-01-2014 09:06 AM
Hello Jaggie,
As per my understanding, the DHCP Option 119 - Domain Suffix Search Lists are not supported by the PAN OS as of now. There are 2 feature request already submitted for adding more DHCP options into PAN OS as mentioned below:
DHCO OPtions
FR ID-784
Ability to support custom DHCP options within PANOS DHCP Server.
FR ID-2245
I would recommend you to contact with your Palo ALto SE for the same.
Thanks
08-12-2019 08:23 AM
Hi,
I know this is a 5 year old ticket but does anyone know if Pan OS finally has this capability? It's not working for me. I tried using using ASCII and Hex for option 119 and neither work.
Thanks,
David
08-12-2019 10:36 AM
This is certainly supported now.
Can you probide more details on what you would like to do and what's not working?
08-12-2019 11:20 AM
Hi,
I have 3 domains that I'd like to add to my dhcp client domain search list. They are internal company domains so I will use the generic ones below for this example.
domaina.com
domainb.com
domainc.com
I'm using my PA850 as a dhcp server.
I added option 119 as a custom option. I first chose the hex value approach and used an ASCII to hex converter to add these domains as comma separated values. This is how it is done on some Cisco devices. That didn't work on my Windows 10 dhcp client. If I do an ipconfig /release and an ipconfig /renew I get my addresses, my multi-value option 6 DNS server list but nothing for domain search list.
I then tried one hex value per line. That did not work.
So I removed the values and reapplied them as ASCII as one per line, not comma separated. That didn't work either. There's no error when I do the commit. Everything is accepted. But the client doesn't pick up the suffix list.
The I tried to use ASCII with the three domains on a single separated by commas. That didn't work.
So I'm at a loss. Any advise you can provide would be appreciated.
Thanks,
David
08-12-2019 11:21 AM
Also, I'm using PAN OS 8.1.9
10-21-2022 02:33 PM
I've seen similar problems on non-PA systems.
Sometimes the option 119 strings need to be encoded.
Please see links below. Apologies if you have already tried these.
Domain search list DHCP option encoder (jjjordan.github.io)
Adding DHCP Option 119 (Domain Search List) to Windows Server 2008 R2 | Black Marble
I believe that there are other ways of encoding too. Unfortunately I've not tried to do this on our PAs.
01-23-2023 05:44 PM
Documented the solution in a Knowledge Base Article:
How to implement DHCP Option 119 (Domain Search List) in a Palo Alto Networks firewall
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
