DNS Signature Lookup Timeout Error

Reply
L1 Bithead

DNS Signature Lookup Timeout Error

I'm seeing quite a lot of messages logged in the syslog output from my PA VM-100 running PAN-OS 10.0.0:

 

Aug 19 07:31:29 firewall-1 1,2020/08/19 07:31:29,007051000047085,SYSTEM,general,2560,2020/08/19 07:31:29,,general,,0,0,general,medium,"DNS signature lookup timed out",1461969,0x0,0,0,0,0,,firewall-1,0,0,1970-01-01T10:00:00.000+10:00

What exactly does "DNS signature lookup timed out" mean?

My VM has two local DNS servers configured, which are functioning well and the PA VM has access to do direct external lookups as well if it needs to do so.  It is located on the end of a quiet 250/100M internet fibre connection here in Australia, so connectivity and congestion is not an issue.

 

The DNS Signature Lookup Timeout (ms) value is set to 300 - far far above what should be necessary.

Can anyone explain the traffic flow that might cause this (do these DNS queries go direct, or via configured resolver, and over what transport) ?

 

If this is an error, how do I go about debugging it to find the root cause?

 

Thanks,
Reuben

Tags (2)
Highlighted
L2 Linker

Hi Mate,

 

I would suggest identifying which traffic is causing these errors. Is it legit DNS query being timed out. Worth playing with the timers once more try increasing more, maybe some queries are timing out genuinely.

 

If it is like hitting a wall again, would suggest getting in touch with Palo TAC. Could be cosmetic bug or genuine misconfiguraton.

 

Hope that helps,

VR



Thanks & Regards,
Varun Rao
Senior Security Engineer, Victoria | Australia | NTT





Highlighted
L1 Bithead

Thanks VR.

 

Can you suggest how I would find out what traffic it is?  The log message doesn't indicate much other than a DNS query timed out.  I'm assuming it is to do with the DNS Security feature.


Can you or anyone else explain the traffic flow behind this feature?  I can't find it documented anywhere.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!