PaloAlto and DNS


L4 Transporter

I have PAN running version 8.1.17 and it is configured with two DNS servers on the management interface, you know the usual, nothing special.  I have security and NAT rules on the PAN firewall that use FQDN.


Is there a way to detect when the PAN fails to query the DNS server?  Is there anything in the system log that will tell me the PAN can NOT resolve DNS queries because DNS servers are not available?


Cyber Elite



DNS is used by the Management plane and you will not see the logs in the system logs.

If you have two DNS servers configured for the MP, then if the first one does not work it will try the second.


To see the DNS traffic from the management plane you can use this command:


admin@BMS> tcpdump filter "port 53"
Press Ctrl-C to stop capturing
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C6 packets captured
6 packets received by filter
0 packets dropped by kernel

admin@BMS> view-pcap mgmt-pcap mgmt.pcap
16:27:32.181752 IP > 39467+ A? (30)
16:27:32.181783 IP > 48046+ AAAA? (30)
16:27:32.421488 IP > 48046 0/1/0 (85)
16:27:32.421675 IP > 39467 4/0/0 A, A, A, A (94)
16:27:35.212415 IP > 1564+ [1au] AAAA? (47)
16:27:35.214506 IP > 1564 1/1/1 CNAME (167)


Where  is the Management IP of the PA and  is my internal DNS server.




L4 Transporter

I know how DNS works and I also know how tcpdump works, but that is not my question.


If the PAN can NOT communicate with DNS over the MP for FQDN resolution, will there be any messages in the system log file that will tell me?  Apparently, I see messages in the system log for LDAP, but not DNS.  Why?

L7 Applicator

Seems I only get a resolve error... not an actual connection error....





@dtran  Seems this is by PA design 

If you wanna see failure logs for the DNS server in the system logs, you can check with your SE and ask for a feature request.




As @Mick.Ball mentioned, you will only see logs that may show type: general and a description containing 'Connection to Update server closed:, source: '


If you wanna see additional info you can check the ms.log, which is part of the management server logs. It shows that the check failed, but it does not give me any information about a DNS failure.

"error code:-1" may indicate a connection failure

2020-12-12 14:36:15.666 -0800 Error: pan_mgmtop_support_check_handler(pan_ops_common.c:10318): Error removing file:/opt/pancfg/mgmt/global/supportinfo.xml.10277
2020-12-12 14:36:15.666 -0800 updater error code:-1
2020-12-12 14:37:31.116 -0800 ### MS-DB: RuleHit update: /opt/pancfg/mgmt/devices/localhost.localdomain/rule-hit-count-db.txt
2020-12-12 14:38:07.573 -0800 updater error code:-1


Hope this helps
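Added example, not code from the thread or from Palo Alto: a small Python parser that turns the two checks suggested above into something scriptable. It matches DNS query IDs to replies in tcpdump/view-pcap output (so a query with no reply at all, which is the "server unreachable" case the question asks about, is separated from an NXDomain/ServFail reply where the server did answer), and pulls the "updater error code" lines out of ms.log. The capture lines are constructed in tcpdump's output format with placeholder addresses and names; the ms.log lines are the ones quoted in this post.

```python
import re

# Constructed sample in the format "tcpdump filter 'port 53'" / view-pcap prints on the
# PAN management interface; addresses and names are placeholders, not from the thread.
SAMPLE_CAPTURE = """\
16:27:32.181752 IP 192.0.2.10.40001 > 192.0.2.53.53: 39467+ A? updates.example.net. (30)
16:27:32.421675 IP 192.0.2.53.53 > 192.0.2.10.40001: 39467 4/0/0 A 198.51.100.1, A 198.51.100.2 (94)
16:27:33.000000 IP 192.0.2.10.40002 > 192.0.2.53.53: 777+ A? nosuch.example.net. (32)
16:27:33.002000 IP 192.0.2.53.53 > 192.0.2.10.40002: 777 NXDomain 0/1/0 (85)
16:27:35.212415 IP 192.0.2.10.40003 > 192.0.2.53.53: 1564+ [1au] AAAA? files.example.net. (47)
16:27:40.000000 IP 192.0.2.10.40004 > 192.0.2.53.53: 2211+ A? mirror.example.net. (33)
"""

# Query: "<ts> IP <client> > <server>: <id>+ [<edns>] <type>? <name>. (<len>)"
QUERY_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+)\+"
                      r" (?:\[[^\]]*\] )?(?P<qtype>[A-Z]+)\? (?P<name>\S+) \(")
# Response: "<ts> IP <server> > <client>: <id>[*|-] [NXDomain|ServFail] ans/auth/add ..."
RESPONSE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+)[-*$|]*"
                         r"(?: (?P<rcode>[A-Za-z]+))? \d+/\d+/\d+")

def unanswered_queries(capture_text):
    """Return (qtype, name, server) for every query whose ID never received a reply."""
    pending = {}
    for line in capture_text.splitlines():
        q = QUERY_RE.match(line)
        if q:
            pending[(q["id"], q["dst"], q["src"])] = (q["qtype"], q["name"], q["dst"])
            continue
        r = RESPONSE_RE.match(line)
        if r:  # an NXDomain/ServFail reply still clears the query: the server answered
            pending.pop((r["id"], r["src"], r["dst"]), None)
    return list(pending.values())

# ms.log lines as quoted in this thread; "updater error code:-1" is all the log says,
# which is why the capture above is needed to tell a DNS outage from anything else.
SAMPLE_MSLOG = """\
2020-12-12 14:36:15.666 -0800 updater error code:-1
2020-12-12 14:37:31.116 -0800 ### MS-DB: RuleHit update: /opt/pancfg/mgmt/devices/localhost.localdomain/rule-hit-count-db.txt
2020-12-12 14:38:07.573 -0800 updater error code:-1
"""
MSLOG_RE = re.compile(r"^(?P<ts>\S+ \S+ [+-]\d{4}) updater error code:(?P<code>-?\d+)")

def updater_failures(mslog_text):
    """Return (timestamp, code) for each ms.log updater line with a non-zero error code."""
    hits = []
    for line in mslog_text.splitlines():
        m = MSLOG_RE.match(line)
        if m and int(m["code"]) != 0:
            hits.append((m["ts"], int(m["code"])))
    return hits
```

Running unanswered_queries over the sample flags only the AAAA for files.example.net. and the A for mirror.example.net., since nosuch.example.net. got an NXDomain reply from a reachable server.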




L7 Applicator

The question that I have is: exactly what is happening to you?

LIVEcommunity team member
Stay Secure,
Don't forget to Like items if a post is helpful to you!