We have Internal DNS servers that reach outside, to our ISP, for external DNS. I would like to setup Proxy to prevent all the DNS traffic from reaching inside. To do this I click on DNS Proxy within the Network tab and add my Private internal interface, within the Interface section, and add the ISP DNS servers in the Default DNS Settings section?
Yes, Once you enable the DNS proxy on the interface and point you internal DNS server to the same, all the DNS queries to your ISP are now made by PAN. Also please make sure that you have proper security rules, nat rules and routing for your internal interface to reach your external ISP server.
In the article you linked, it states you configure the clients with the IP addresses of the interfaces on which the DNS proxy is enabled. I think I may be misreading this. Is it literally all of our clients or just our internal DNS servers? So our workstations point to our DNS servers, then our DNS servers point to the proxy.
DNS proxy instructions
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!