DynDNS client on PANOS 9.0

Announcements
Attention: The LIVEcommunity is experiencing an interruption with videos in some areas. We apologize for any inconvenience this may cause. Thank you for your patience as we work towards a solution to restore videos.
Reply
L0 Member

Re: DynDNS client on PANOS 9.0

Thank you @StevenEerdekens!!! Worked like a charm!!! Appreciate your help! 

Highlighted
L3 Networker

Re: DynDNS client on PANOS 9.0

Glad to hear!

Tags (1)
Highlighted
L1 Bithead

Re: DynDNS client on PANOS 9.0

Steven,

 

Thank you very much for taking the time to post this. I feel like the biiggest "rock" in the world right now. I have been trying for two days to download the right files to get this to work. I thought I had them, but it continues to fail according to system logs. Is there any chance you could export the files that worked for you and let me know what order you have listed in the profile? I would be more then greatful and would add you to next years christmas card list Seriously, and help would be much appreciated. Thanks, RickScreen Shot 2020-01-03 at 4.37.40 PM.pngScreen Shot 2020-01-03 at 4.38.25 PM.pngScreen Shot 2020-01-03 at 4.39.49 PM.png

Highlighted
L1 Bithead

Re: DynDNS client on PANOS 9.0

I have been working this for days. I'm thinking it is something else. Can anyone please tell me why I would get a Timeout message? Could it be policy related? 

 

( description contains 'Interface ethernet1/1 DDNS update to DuckDNS v1 unsuccessful for host mybighost with 108.10.11.34 Server response: Timeout was reached' )

 

*Note I changed host and IP for privacy purposes. 

Highlighted
L1 Bithead

Re: DynDNS client on PANOS 9.0

Figured it out. I had to change the service route configuration under /Device/Services/ServiceRouteConfiguration so the traffic would go out the WAN and not the default MGMNT interface. 

Highlighted
L0 Member

Re: DynDNS client on PANOS 9.0

Hey Rick.

 

I've been having a similar problem for while. I solved it by making the URL filtering categories of 'high-risk' and 'dynamic-dns' to alert or allow. Then I imported the certificates I got from a packet capture to that IP. Those certificates were different than what Firefox provided me with. You can find them here:

Starfield Class 2 Certification Authority Root Certificate

Starfield Secure Server Certificate (Cross Intermediate Certificate)

Starfield Secure Server Certificate (Intermediate Certificate) - G2

and finally DuckDNS's certificate (note: you will need to save that as a .pem file)

 

Then I selected all three Starfield certificates in my certificate profile

After commiting I went to the CLI and ran these commands:

test dns-proxy ddns update interface name ethernet1/1

show dns-proxy ddns interface name ethernet1/1

 

The return code was good.

 

Hope this helps

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!