This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

dns proxy - static entries

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

dns proxy - static entries

FlexyZ
L3 Networker

‎11-09-2011 12:43 AM

Hi

I have a dns proxy on one of my interfaces with some static entries, but nothing is resolved on the static ones - they should have a higher priority than the primary dns IP right?

Thanks

0 Likes Likes
5 REPLIES 5

gswcowboy
L6 Presenter

‎11-09-2011 01:28 AM

Provide output from the following commands:

> show dns-proxy cache all
> show dns-proxy settings all
> show dns-proxy static-entries all
> show dns-proxy statistics all

0 Likes Likes

FlexyZ
L3 Networker
In response to gswcowboy

‎11-09-2011 02:01 AM

hmm my issues seems to be related to windows  - I have no DNS suffix in my DNS client configuration

PA-500:

DNS proxy -> d1 -> test -> 10.10.10.10

DNS proxy -> d2 -> test.test -> 20.20.20.20

Windows 7 and Windows Serer 2008 ->

ping test.test -> 20.20.20.20

ping test -> nothing resolved

ping test. -> 10.10.10.10

ping test -> 10.10.10.10

This is kind of weird I think - my goal is to specify static hosts that all clients should resolve - Any clues are very welcome!

Thanks

0 Likes Likes

sspringer
L4 Transporter
In response to FlexyZ

‎11-26-2011 08:00 PM

It is possible windows is modifying the DNS request by adding its own suffix. Please gather PCAPs from the Windows machine to verify the DNS query.


Also you have made a post that some static DNS proxy entries are not working (https://live.paloaltonetworks.com/thread/3778) - When you were performing these tests did you verify the static entries were present on the PAN?


Regards,


Stefan

0 Likes Likes

FlexyZ
L3 Networker
In response to sspringer

‎11-28-2011 05:09 AM

disable/enable showed the static entries again from the CLI, but then the DNS-Proxy in general didnt work.

I tried to from eth(s), commit and added them again, commit - but no luck

So I had to reboot firewall Smiley Sad - and when it came up still no go - until I noticed it was not enabled (even though I did it before reboot)

Enable fixed it - I have opened a support case, but is going though a partner, so not very responsive.

Thanks

0 Likes Likes

FlexyZ
L3 Networker
In response to FlexyZ

‎11-28-2011 05:13 AM

sorry wrong case

should be https://live.paloaltonetworks.com/message/10956#10956

This is been resolve by added static entries with 2 levels xxxx.yyy.com etc. and adding yyy.com suffix in DHCP scope

0 Likes Likes
  • 3814 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks