DNS Response Address Translation


Can the PAs perform an address translation (assuming an appropriate NAT rule is configured) for an IP address that's presented as an answer in a DNS response message? I.e., as highlighted in red below.

I have tested it and it doesn't work. If the functionality doesn't currently exist, is it on any roadmap to be added?

====================================================

Domain Name System (response)
    [Request In: 74]
    [Time: 0.000245000 seconds]
    Transaction ID: 0x5d79
    Flags: 0x8580 Standard query response, No error
    Questions: 1
    Answer RRs: 2
    Authority RRs: 6
    Additional RRs: 6
    Queries
    Answers
        test.test.com: type A, class IN, addr 1.1.1.1
            Name: test.test.com
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 1 hour
            Data length: 4
            Addr: 1.1.1.1 (1.1.1.1)

=============================================

Regards,

James.

3 REPLIES

L7 Applicator

Hi James,

Please let me know what type of NAT you have configured for DNS traffic. Can you try once with static NAT for the same and let me know the result?

Note: make sure app-override is not configured for DNS traffic.

Thanks

L5 Sessionator

Hello James,

If you are using a DNS proxy object, then there is a tab for static entries under the DNS proxy object where you can specify the NATted address.

Regards,

Hari Yadavalli

L5 Sessionator

Below are good documents which explain How Management Interface Use DNS Proxy Rules And Static Entries Through DNS Proxy Object.

https://live.paloaltonetworks.com/docs/DOC-4604

https://live.paloaltonetworks.com/docs/DOC-4633

Here are some more related documents:

https://live.paloaltonetworks.com/docs/DOC-3522

https://live.paloaltonetworks.com/docs/DOC-3637

https://live.paloaltonetworks.com/docs/DOC-4593

Hope this helps.
Thanks

Numan
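
The operation asked about at the top of the thread (rewriting the address carried inside an A-record answer, rather than the packet's IP header) looks like this on the DNS payload. This is an added illustration, not part of the thread and not PAN-OS code or behaviour; the function names, the 10.0.0.10 mapping and the simplified one-answer sample message are constructed.

```python
import ipaddress
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_sample():
    """Constructed response: one question, one A answer for test.test.com -> 1.1.1.1."""
    header = struct.pack("!6H", 0x5D79, 0x8580, 1, 1, 0, 0)
    question = encode_name("test.test.com") + struct.pack("!HH", 1, 1)
    # Answer name is a compression pointer (0xC00C) back to the question name.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([1, 1, 1, 1])
    return header + question + answer

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:    # 2-byte compression pointer ends the name
            return off + 2
        if length == 0:              # root label ends the name
            return off + 1
        off += 1 + length

def translate_a_records(msg, nat_map):
    """Rewrite IN A RDATA per nat_map (hypothetical {original: translated} dict).

    Returns (new_message, records_changed). Truncated input raises
    IndexError or struct.error instead of being rewritten partially.
    """
    out = bytearray(msg)
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):              # question: name, then type and class
        off = skip_name(msg, off) + 4
    changed = 0
    for _ in range(an + ns + ar):    # answer, authority and additional sections
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addr = str(ipaddress.IPv4Address(bytes(msg[off:off + 4])))
            if addr in nat_map:
                out[off:off + 4] = ipaddress.IPv4Address(nat_map[addr]).packed
                changed += 1
        off += rdlen
    return bytes(out), changed
```

Because the A-record RDATA stays four bytes, message length and compression pointers are unaffected; only the UDP checksum would need recomputing on the wire. A DNSSEC-validating client would reject the rewritten record, since the RRSIG no longer matches.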
