DNS Proxy - Can I use it to resolve all outbound

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DNS Proxy - Can I use it to resolve all outbound

L1 Bithead

Can I use the DNS Proxy to resolve all of my outbound DNS queries?

I would like to point my inside DNS servers to the Palo Alto firewall and then let the firewall resolve the DNS query.

12 REPLIES 12

the proxy dns was designed as a stub resolver so it is able to bend certain dns queries to an alternative dns server of your choice and have all the other dns entries handled by an upstream DNS server (recursor)

it will also not be able to handle as authoritative as we don't hold zones, we forward depending on the query

regards

Tom

Tom Piens
PANgurus - (co)managed services and consultancy

Hi,

we are trying to do exactly the same thing : we setup a DNS proxy which has to send all DNS requests to the Internet except those for our own domain ( let say mydomain.com ), but all DNS requests are sent to internet !!

The setup is the following in the PAN setup box :

- primary and secondary DNS are set to point to Internet DNS.

- We add a DNS rule : mydomain.com => our DNS.

Is there anything special to do for this feature to work as expected, syntax or whatever ? We are running PAN OS 4.0.4.

Thanks for you help.

Could you do it the other way?

Have your clients point to the internal DNS server. Configure the DNS server to forwards all other requests to the PAN interface hosting the DHCP Proxy?

Hi,

thanks for your proposal, but actualy, it's for DMZ servers. They have to request both internal and outside DNS servers. We don't have any DNS forwarding setup on our internal DNS.

PAN split DNS does not works Smiley Sad

It can work the way you want it to.I have quite a few DNS Proxy rules setup. In the rule I have

domainname.com

*.domainname.com

all forwarding to the Internal DNS servers. Everything else goes to an ISP DNS server.

I suggest you use CLI scripting if you have a bunch of internal domains to import.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!