Next-Generation Firewall
Configure a DNS Server Profile
Configure a DNS server profile with information used in packets sent to a DNS
server.
To simplify configuration for a virtual system, a DNS server profile allows you to
specify the virtual system that is being configured, an inheritance source or the
primary and secondary IP addresses for DNS servers, and a source interface and
source address (service route) that will be used in packets sent to the DNS server.
The source interface determines the virtual router, which has a route table. The
destination IP address is looked up in the route table of the virtual router where
the source interface is assigned. The egress interface that this lookup returns for
the destination IP address can differ from the source interface. In that case the
packet egresses out of the interface determined by the route table lookup, but its
source IP address is still the configured source address. The DNS server uses that
source address as the destination address in its reply.
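The lookup described above can be modeled in a few lines. This is an added example, not PAN-OS code or anything from the vendor documentation: the interface names, virtual router names, routes and addresses are constructed, and the route table lookup is assumed to be an ordinary longest-prefix match.

```python
import ipaddress

# Constructed sample data: interface-to-virtual-router assignment and
# per-virtual-router route tables as (prefix, egress interface) pairs.
INTERFACE_VR = {"ethernet1/1": "vr-tenant-a", "ethernet1/5": "vr-tenant-b"}
ROUTES = {
    "vr-tenant-a": [
        ("0.0.0.0/0", "ethernet1/1"),
        ("10.20.0.0/16", "ethernet1/2"),
        ("10.20.30.0/24", "ethernet1/3"),
    ],
    "vr-tenant-b": [("0.0.0.0/0", "ethernet1/5")],
}


def resolve_service_route(source_interface, source_address, dns_server):
    """Model how a query built from a DNS server profile leaves the firewall."""
    src = ipaddress.ip_address(source_address)
    dst = ipaddress.ip_address(dns_server)
    if src.version != dst.version:
        raise ValueError("source address and DNS server must be the same IP family")
    # The source interface selects the virtual router, and with it the route table.
    vr = INTERFACE_VR[source_interface]
    # Assumed longest-prefix match of the DNS server address in that table.
    best = None
    for prefix, egress in ROUTES[vr]:
        net = ipaddress.ip_network(prefix)
        if net.version == dst.version and dst in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, egress)
    if best is None:
        raise LookupError(f"no route to {dst} in {vr}")
    return {
        "virtual_router": vr,
        "egress_interface": best[1],
        "egress_differs": best[1] != source_interface,
        "packet_source": str(src),      # always the configured source address
        "reply_destination": str(src),  # the DNS server answers to that address
    }


if __name__ == "__main__":
    # Egress differs from the source interface; the source address does not change.
    print(resolve_service_route("ethernet1/1", "192.0.2.10", "10.20.30.53"))
    # Default route: egress and source interface are the same.
    print(resolve_service_route("ethernet1/1", "192.0.2.10", "198.51.100.53"))
```

When `egress_differs` is true, the path back to `reply_destination` from the DNS server is worth checking, because the reply is addressed to the configured source address rather than to an address on the egress interface.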
The virtual system report and virtual system server profile send their queries to the
DNS server specified for the virtual system, if there is one. (The DNS server used
is defined in Device > Virtual Systems > General > DNS Proxy.) If there is no DNS server specified for the virtual system, the DNS
server specified for the firewall is queried.
You configure a DNS server profile for a virtual system only; it is not for a global
Shared location.
Configure a DNS server profile, which simplifies configuration of a virtual system. The
Primary DNS or Secondary DNS address is used to create the DNS request that the
virtual system sends to the DNS server.
- Name the DNS server profile, select the virtual system to which it applies, and specify the primary and secondary DNS server addresses.
  - Select Device > Server Profiles > DNS and Add a Name for the DNS server profile.
  - For Location, select the virtual system to which the profile applies.
  - For Inheritance Source, select None if the DNS server addresses are not inherited. Otherwise, specify the DNS server from which the profile should inherit settings. If you choose a DNS server, click Check inheritance source status to see that information.
  - Specify the IP address of the Primary DNS server, or leave as inherited if you chose an Inheritance Source. Keep in mind that if you specify an FQDN instead of an IP address, the DNS for that FQDN is resolved in Device > Virtual Systems > DNS Proxy.
  - Specify the IP address of the Secondary DNS server, or leave as inherited if you chose an Inheritance Source.
- Configure the service route that the firewall automatically uses, based on whether the target DNS Server has an IP address family type of IPv4 or IPv6.
  - Click Service Route IPv4 to enable the subsequent interface and IPv4 address to be used as the service route, if the target DNS address is an IPv4 address.
  - Specify the Source Interface to select the DNS server’s source IP address that the service route will use. The firewall determines which virtual router is assigned that interface, and then does a route lookup in the virtual router routing table to reach the destination network (based on the Primary DNS address).
  - Specify the IPv4 Source Address from which packets going to the DNS server are sourced.
  - Click Service Route IPv6 to enable the subsequent interface and IPv6 address to be used as the service route, if the target DNS address is an IPv6 address.
  - Specify the Source Interface to select the DNS server’s source IP address that the service route will use. The firewall determines which virtual router is assigned that interface, and then does a route lookup in the virtual router routing table to reach the destination network (based on the Primary DNS address).
  - Specify the IPv6 Source Address from which packets going to the DNS server are sourced.
  - Click OK.
- Commit the configuration.
  - Click OK and Commit.