There is no nslookup command, but you can do a simple ping. Even if the destination doesn't allow ping, the DNS lookup will still happen. The command to ping from the management interface is:
ping host www.example.com
You will want to ensure that you are not using a service route though, as the DNS requests are all sent using that service route. The service routes are configured at Device > Setup > Services > Service Route Configuration. If you do have a service route set, your ping and all DNS lookups where the firewall initiates connections (such as updates.paloaltonetworks.com) will use that route.
Hope this helps,
As per my knowledge, PAN CLI does have an option like "nslookup" in windows. But, you can verify the DNS functionality, wthere FQDN resolves to a valid IP address from the DNS server.
admin> ping host google.com
PING google.com (126.96.36.199) 56(84) bytes of data. >>>>>>>>>>>>>>>>>>>>> Configured DNS server resolved the FQDN address to IP address.
64 bytes from dfw06s41-in-f6.1e100.net (188.8.131.52): icmp_seq=1 ttl=55 time=40.6 ms
64 bytes from dfw06s41-in-f6.1e100.net (184.108.40.206): icmp_seq=2 ttl=55 time=37.1 ms
64 bytes from dfw06s41-in-f6.1e100.net (220.127.116.11): icmp_seq=3 ttl=55 time=39.4 ms
If you HTTPS to the firewall and create an Address as an FQDN instead of an IP, there is a clickable RESOLVE link next to where you place the DNS name. That will resolve and list all the IP addresses it pulled from DNS. This is better than a PING test as PING will only show the first of many IPs. Using the FQDN address object you can see the full list.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!