This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

DNS proxy setup

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

DNS proxy setup

Go to solution
ohareka
L1 Bithead

‎02-24-2024 11:35 AM

Hi,  I have a firewall rule on my Palo Alto to NAT a public IP to a private IP on the DMZ.  The external users who don’t work for my company can hit the public IP by DNS name, get onto the website, and view the content etc.  This is all working fine. A few times per year I must take the internal DMZ server offline for patching and it could be off for a few hours.  Is it possible for me to re-direct the external users still trying to access the DNS name over to an external website while the server is unreachable.  I have got a webpage built in Azure to say the server is down for maintenance and can they try later.  I was wondering could I do this via DNS proxy or would I be better trying to do this with an external Load balancer.

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/network/network-dns-proxy/dns...

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
reaper
Cyber Elite
Cyber Elite

‎02-26-2024 06:19 AM

In the DNS proxy you can change or redirect DNS records, but I would not be inclined to expose this to the internet.

 

You could simply change the DNS A record temporarily to point to a landing page while you work on the server, and then switch the A record back to the correct IP after you're done

 

if you currently have a TTL of 24 hours, you could change it to 5 minutes the day before the maintenance. 15 minutes before you can update the A record, and then after you're done change the record and set the TTL back to 24 hours. 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

(1)
3 REPLIES 3

Go to solution
reaper
Cyber Elite
Cyber Elite

‎02-26-2024 06:19 AM

In the DNS proxy you can change or redirect DNS records, but I would not be inclined to expose this to the internet.

 

You could simply change the DNS A record temporarily to point to a landing page while you work on the server, and then switch the A record back to the correct IP after you're done

 

if you currently have a TTL of 24 hours, you could change it to 5 minutes the day before the maintenance. 15 minutes before you can update the A record, and then after you're done change the record and set the TTL back to 24 hours. 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
(1)

Go to solution
ohareka
L1 Bithead

‎02-26-2024 02:02 PM

Thanks for the advice - I'll give that a go

0 Likes Likes

Go to solution
LaylaDonovan
L0 Member
In response to reaper

‎03-12-2024 12:53 AM

Thanks for answering, you made my day.

  • 1 accepted solution
  • 564 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks