Not able to get DNS working


Not applicable

Hello,

After visiting the forum, I have tried all options, but the PA 500 still wouldn't talk to the outside world.

Source recognition under device to routing has all been checked. But there is one peculiar error which I am getting again and again: "Device: Invalid IP address (NaN)". The forum said it is a bug, and I verified whether there is anything under Objects which is incorrect; all seem to be good...

Any ideas?

Nick

Nick, the error message issue is fixed in 3.1.8. Please check the release notes for the bug info. Hope this helps. Thanks

mrajdev

4 REPLIES

L4 Transporter

Nick,

Double-check that you can connect to your DNS server from the PA-500.

Connect to the PA-500 via SSH

Try this first - ping host (dns IP)

If that does not work, your path to the DNS is not open.

Try this next - telnet port 53 host (dns IP)

This verifies that you are able to connect to the TCP port that DNS runs on

Finally try this - ping host www.google.com

If the two previous steps worked and this fails, look to your DNS server for issues or possibly a software firewall on the box itself.

Thank you for the quick response. The DNS address is not pinging. What is strange is that I have other users connected on 3 different VLANs on the same PA 500 box, and all are able to browse the internet and resolve DNS, while the management IP, though not part of the VLAN, is a separate IP address and has its DNS address as the IP of the internet gateway router, is not able to get to the internet for resolution.

Any ideas?

Nick

Nick,

What path does your Management interface use to get out to the Internet? Is it using the PA as part of the path and if so is there a policy to allow the traffic out? You can adjust what interface the PA uses for services - Device -- Setup -- Service Route Configuration. Default is the Management interface, but you can use any Layer 3 interface as the source. You might change the DNS to use the VLAN that has your internal DNS servers.

James.

L4 Transporter

Nick,

You can also do a traceroute from the PAN to the DNS server IP address and check the different routers it goes through. One more option is to use a service route. Go to the Device tab -> Setup; at the bottom of the right frame you will get the option for "Service Route Configuration", where you can choose the interface which is connected to the internet as the source interface for the DNS query. Please find a snapshot of that page where you can set this up.
