The FQDN issue could not be refreshed.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

The FQDN issue could not be refreshed.

L3 Networker

Hello all,

We were using two FQDNs that get the same IP from 9.1.14 version.


And I recently deleted one FQDN. Then there was an issue where FQDN was applied intermittently.

In addition, the GUI confirmed that Refresh was applied through Commit, but it was not applied when forced to try Refresh from the CLI.

2022-10-13 10:54:18.062 +0900 Error:  pan_send_vsys_dns_resolution(pan_dnsproxyd_sysd_api.c:1201): [DNS_API] could not resolve order-admin.in!

2022-10-13 10:54:18.062 +0900 Error:  pan_vsys_getaddrinfo(pan_dnsproxyd_sysd_api.c:1841): [DNS_API] err resolve!

2022-10-13 10:54:18.062 +0900 Error:  pan_mgmtop_resolve_address_ip(pan_ops_common.c:3247): Get ipv6 address for 'order-admin.in' in vsys 'vsys1' failed, ret -99!

2022-10-13 10:54:24.622 +0900 Error:  pan_send_vsys_dns_resolution(pan_dnsproxyd_sysd_api.c:1201): [DNS_API] could not resolve order-admin.prod.in!

2022-10-13 10:54:24.623 +0900 Error:  pan_vsys_getaddrinfo(pan_dnsproxyd_sysd_api.c:1841): [DNS_API] err resolve!

2022-10-13 10:54:24.623 +0900 Error:  pan_mgmtop_resolve_address_ip(pan_ops_common.c:3247): Get ipv6 address for 'order-admin.prod.in' in vsys 'vsys1' failed, ret -99!

2022-10-13 10:55:46.405 +0900 FQDN::dns updated. logfwdctx: 0x7f0d4d860f00, logdata: 0x7f0d38aafb80
2022-10-13 10:55:46.405 +0900 Error: pan_cfg_get_sysd_bool(pan_cfg_utils.c:7021): failed to fetch cfg.syslogng.fqdn-refresh: NO_MATCHES

Thanks,

2 REPLIES 2

Cyber Elite
Cyber Elite

@JoHyeonJae,

So just to understand things properly, you suddenly started to run into a resolution issue only after removing an FQDN object from the configuration? You didn't upgrade the firewall or make any other changes outside of removing that single FQDN object?

The logs point towards an issue with the firewall resolving the FQDN object. I'd start troubleshooting by validating that my DNS resolver I'm using on the firewall is actually processing the request and providing a response properly. 

@BPry 

Thank you for your update!

We didn't make any OS upgrades or configuration changes other than deleting FQDN Object, and we had a problem after deleting FQDN DNS.

I think there was not a problem because the two FQDN Objects were lookup the same IPs.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!