Private DNS behind Palo Alto is not resolving Name Servers

banti · ‎06-09-2023

We are using private DNS zones for our internal sites. We are connected to the cloud by site to site vpn on palo alto and until recently our private domains have stopped resolving and name servers are not finding their way. Using dig command I am able to cache some of the addresses on palo alto but they get deleted right away but not all so for now I have added static entries for DNS proxy but the issue is that anything behind a load balancer or with wild card is not working. Is there a work around to this as this seems to be a bug of palo alto?

alexacas · 4 weeks ago

@banti surah yaseen pdf wrote:
We are using private DNS zones for our internal sites. We are connected to the cloud by site to site vpn on palo alto and until recently our private domains have stopped resolving and name servers are not finding their way. Using dig command I am able to cache some of the addresses on palo alto but they get deleted right away but not all so for now I have added static entries for DNS proxy but the issue is that anything behind a load balancer or with wild card is not working. Is there a work around to this as this seems to be a bug of palo alto?

It sounds like you're experiencing issues with private DNS zones not resolving behind your Palo Alto firewall. Since you're able to cache some addresses with the dig command but they disappear quickly, it may be beneficial to check your DNS proxy settings and ensure they are configured correctly for wildcard and load-balanced entries.

ezpassma

THE GAME HAS CHANGED

General Security & Cybersecurity Ecosystem

Private DNS behind Palo Alto is not resolving Name Servers

Re: Private DNS behind Palo Alto is not resolving Name Servers