- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-30-2022 06:06 PM
Hello all,
We were using two FQDNs that get the same IP from 9.1.14 version.
And I recently deleted one FQDN. Then there was an issue where FQDN was applied intermittently.
In addition, the GUI confirmed that Refresh was applied through Commit, but it was not applied when forced to try Refresh from the CLI.
2022-10-13 10:54:18.062 +0900 Error: pan_send_vsys_dns_resolution(pan_dnsproxyd_sysd_api.c:1201): [DNS_API] could not resolve order-admin.in!
2022-10-13 10:54:18.062 +0900 Error: pan_vsys_getaddrinfo(pan_dnsproxyd_sysd_api.c:1841): [DNS_API] err resolve!
2022-10-13 10:54:18.062 +0900 Error: pan_mgmtop_resolve_address_ip(pan_ops_common.c:3247): Get ipv6 address for 'order-admin.in' in vsys 'vsys1' failed, ret -99!
2022-10-13 10:54:24.622 +0900 Error: pan_send_vsys_dns_resolution(pan_dnsproxyd_sysd_api.c:1201): [DNS_API] could not resolve order-admin.prod.in!
2022-10-13 10:54:24.623 +0900 Error: pan_vsys_getaddrinfo(pan_dnsproxyd_sysd_api.c:1841): [DNS_API] err resolve!
2022-10-13 10:54:24.623 +0900 Error: pan_mgmtop_resolve_address_ip(pan_ops_common.c:3247): Get ipv6 address for 'order-admin.prod.in' in vsys 'vsys1' failed, ret -99!
2022-10-13 10:55:46.405 +0900 FQDN::dns updated. logfwdctx: 0x7f0d4d860f00, logdata: 0x7f0d38aafb80
2022-10-13 10:55:46.405 +0900 Error: pan_cfg_get_sysd_bool(pan_cfg_utils.c:7021): failed to fetch cfg.syslogng.fqdn-refresh: NO_MATCHES
Thanks,
11-30-2022 08:12 PM
So just to understand things properly, you suddenly started to run into a resolution issue only after removing an FQDN object from the configuration? You didn't upgrade the firewall or make any other changes outside of removing that single FQDN object?
The logs point towards an issue with the firewall resolving the FQDN object. I'd start troubleshooting by validating that my DNS resolver I'm using on the firewall is actually processing the request and providing a response properly.
11-30-2022 08:21 PM
@BPry
Thank you for your update!
We didn't make any OS upgrades or configuration changes other than deleting FQDN Object, and we had a problem after deleting FQDN DNS.
I think there was not a problem because the two FQDN Objects were lookup the same IPs.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!