DNS server failover not working for GP client

Reply
Highlighted
L3 Networker

DNS server failover not working for GP client

We have a problem with the GP client and DNS. when the primary DNS server configured on the GP gateway is down, the GP client is unable to resolve FQDNs (over the split tunnel).  Once I reversed the and made the secondary (active) DNS server the primary, the GP was able to resolve internal names.

 

The only global timer that I can see for DNS is under Device/Setup/Services and that is for FWDN Refresh.  I currently have the two DNS servers configured by IP addresses.

 

The FQDN Refresh Time is set to the default of 1800 seconds.  The PA is running v8.1.9.  We only noticed this during tests as we are progressively upgrading the Domain Controllers and DNS servers. 

 

I see in the on-line documentation that for VMs, we can set as low as 60 seconds (1 minute).  It sounds like a shorted FQDN refresh would help this issue.  Would lowering this value significantly impact overall performance?  What should we do here to fix the issue

 

 

Highlighted
Cyber Elite

Hello there...

 

I have a simple question that I would like to better understand.

 

With the split tunnel enabled, can you confirm that both DNS server entries are seen by the client machine?

If this is true, then my question seems to be, what happens when the first goes down... (can you run a wireshark) to confirm that, indeed, the 2nd DNS server is being properly queried by the client.

 

I would think this would be a client issue primarily.  Of course, if you can show that DNS requests are making it across the VPN to the FW and not being resolved, that is a different story (and one which I think you are attempting to believe the issue is, but let's try to confirm our theory)

 

Help the community: Like helpful comments and mark solutions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!