This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

nslookup on the management port ?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

nslookup on the management port ?

DSTR
L0 Member

‎06-11-2014 10:58 AM

I would like to check a few DNS issues I'm seeing on the management port.

I had hoped to find nslookup in the CLI, but it isn't there.

Is there something equivalent ?

Thanks.

2 people had this problem.
Labels:
4 REPLIES 4

gwesson
L7 Applicator

‎06-11-2014 12:43 PM

There is no nslookup command, but you can do a simple ping. Even if the destination doesn't allow ping, the DNS lookup will still happen. The command to ping from the management interface is:

ping host www.example.com

You will want to ensure that you are not using a service route though, as the DNS requests are all sent using that service route. The service routes are configured at Device > Setup > Services > Service Route Configuration. If you do have a service route set, your ping and all DNS lookups where the firewall initiates connections (such as updates.paloaltonetworks.com) will use that route.

Hope this helps,

Greg

0 Likes Likes

HULK
L7 Applicator

‎06-11-2014 12:47 PM

Hello DSTR,

As per my knowledge, PAN CLI does have an option like "nslookup" in windows. But, you can verify the DNS functionality, wthere FQDN resolves to a valid IP address from the DNS server.

admin> ping host google.com

PING google.com (173.194.115.70) 56(84) bytes of data.  >>>>>>>>>>>>>>>>>>>>> Configured DNS server resolved the FQDN address to IP address.

64 bytes from dfw06s41-in-f6.1e100.net (173.194.115.70): icmp_seq=1 ttl=55 time=40.6 ms

64 bytes from dfw06s41-in-f6.1e100.net (173.194.115.70): icmp_seq=2 ttl=55 time=37.1 ms

64 bytes from dfw06s41-in-f6.1e100.net (173.194.115.70): icmp_seq=3 ttl=55 time=39.4 ms

Thanks

Royalfr
L2 Linker

‎05-17-2021 08:58 AM

If you HTTPS to the firewall and create an Address as an FQDN instead of an IP, there is a clickable RESOLVE link next to where you place the DNS name. That will resolve and list all the IP addresses it pulled from DNS.  This is better than a PING test as PING will only show the first of many IPs.  Using the FQDN address object you can see the full list.

ADDRESS OBJECT resolve DNS.PNG

Kobiher
L2 Linker
In response to Royalfr

‎01-04-2024 11:46 PM

great solution that replaces nslookup perfectly, thank you 🙂

 

www.dgft.gov.in_translated in cn-sha.jpg


Please mark helpful responses, so others know as well
0 Likes Likes
  • 23725 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks