In this use case, the firewall is the client requesting DNS resolutions of FQDNs for management events such as software update services, dynamic software updates, or WildFire. The shared, global DNS services perform the DNS resolution for the management plane functions.
Configure DNS Services for the Firewall
Configure the primary and secondary DNS servers you want the firewall to use for its management DNS resolutions. You must manually configure at least one DNS server on the firewall or it will not be able to resolve hostnames; it will not use DNS server settings from another source, such as an ISP. Select Device > Setup > Services > Global and Edit. (For firewalls that do not support multiple virtual systems, there is no Global tab; simply edit the Services.) On the Services tab, for DNS, click Servers and enter the Primary DNS Server address and Secondary DNS Server address. Click OK and Commit.
Alternatively, you can configure a DNS Proxy Object if you want to configure advanced DNS functions such as split DNS, DNS proxy overrides, DNS proxy rules, static entries, or DNS inheritance. Select Device > Setup > Services > Global and Edit. On the Services tab, for DNS, select DNS Proxy Object. From the DNS Proxy drop-down, select the DNS proxy that you want to use to configure global DNS services, or click DNS Proxy to configure a new DNS proxy object as follows: Click Enable and enter a Name for the DNS proxy object. For Location, select Shared for global, firewall-wide DNS proxy services. Shared DNS proxy objects do not use DNS server profiles because they do not require a specific service route belonging to a tenant virtual system. Enter the Primary DNS server IP address. Optionally enter a Secondary DNS server IP address. Click OK and Commit.

Related Documentation