Configure DNS Profiles
Configure DNS Profiles from the Prisma SD-WAN web interface.
Create a DNS Profile from the Prisma SD-WAN web interface.
- Select and click Policies > Stacked Policies > DNS > DNS Service Roles > Create DNS Profile.
- Enter Basic information for the profile, select to retain strict domain names and DNS loop detection, and add a DNS server.
- Enter the Name, (Optional) Description, and (Optional) Tags for the DNS service profile.
- Select to Enable strict domain name and to Enable DNS loop detection.
- (Optional) Enter the Max EDNS Packets size. The default size is 4096.
- (Optional) Choose a Listen DNS Role from the drop-down and enter the Listen Port number. The default value is 53. The optional value must be between 1 and 65535. Roles created as part of the DNS service are listed in the Listen DNS Role field.
- (Optional) Select the option Send to all DNS Servers.
- Add a DNS server by specifying the DNS Server IP and (Optional) DNS Server Port.
- Select either IP Prefix or Domain and enter the required information. Configuring the IP Prefix forwards PTR (reverse lookups) for the specified subnet to the DNS server. Configuring the Domain Name option forwards name resolution requests for the specified domain(s) to the DNS server.
- (Optional) Choose a Forward DNS Role from the drop-down and enter the Source Port. Roles created as part of the DNS service are listed in the Forward DNS Role field.
- Map Domain to Address to enable you to specify DNS responses with the configured mapping. The Domain to Address mapping and the IP address must be unique.
- Click Add to add a domain address.
- Specify the Domain Name and the IP Prefix.
- Specify the Queries and Responses parameters to append the client metadata to the DNS query as it is sent to the upstream DNS server. DNS responses can also be overridden, or specific responses can be blocked entirely.
- Select Add a Client and specify the Mac Encoding Format.
- Enter a Custom Text and an Identifier, or choose the Element ID/Element from the drop-down.
- Add a new Subnet by entering the (Optional) IP Address and the Prefix Length.
- Select to Disable private IP lookups. If required, enter Max TTL and Local TTL values in seconds.
- (Optional) Enter IP addresses that can be identified as Bogus NX Domains and Ignore IP Addresses.
- Create new Aliases by replacing the IP address. This can be done by either choosing to replace the Original IP Prefix or retaining the Original IP Range by entering the original start IP and original end IP.
- Specify the Cache and DNSSec proxy configurations.
- Select the Disable Negative Caching option. If required, include values in seconds for Min Cache TTL, Max Cache TTL, Cache Size, and Negative Cache TTL.
- Select to Stop dns rebind for private ip and to Enable localhost rebind.
- (Optional) Enter the names of the Rebind Domains.
- Select to enable the DNSSEC Proxy and DNSSEC Config options.
- Enter information on Class, Domain, Key Tag, and Algorithm to Add a new Trust Anchor.
- Add a record by entering basic information in Authoritative Config or enter secondary server details.
- (Optional) Enter Secondary Server details, Peers, and TTL value in seconds.
- To Add a record, enter the Name (record names are listed in the drop-down), Flags, Tag, and Value.
- Complete all configuration requirements and Submit.
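
A pre-submit check for a planned profile, added here as an example and not Palo Alto Networks code: it applies the limits stated in the steps above (listen port 1 to 65535, unique Domain to Address entries) and reports when the strict domain name, loop detection or private-IP rebind options are left off. The dictionary keys are hypothetical names chosen for this example, not the Prisma SD-WAN API schema, and the sample plan is constructed.

```python
import ipaddress

# Options the procedure tells you to select (hypothetical key names).
EXPECTED_ON = ("strict_domain_name", "dns_loop_detection", "stop_dns_rebind_private_ip")

def review_profile(profile):
    """Return a list of findings for a planned DNS profile (hypothetical layout)."""
    findings = []
    port = profile.get("listen_port", 53)  # 53 is the documented default
    if not 1 <= port <= 65535:
        findings.append(f"listen_port {port} is outside 1-65535")
    for key in EXPECTED_ON:
        if not profile.get(key, False):
            findings.append(f"{key} is not enabled")
    for srv in profile.get("dns_servers", []):
        try:
            ipaddress.ip_address(srv["ip"])
        except ValueError:
            findings.append(f"DNS server IP {srv['ip']!r} is not a valid address")
    seen_domains, seen_ips = set(), set()
    for entry in profile.get("domain_to_address", []):
        # Compare names case-insensitively and without the trailing root dot.
        domain = entry["domain"].strip().rstrip(".").lower()
        try:
            ip = ipaddress.ip_network(entry["ip_prefix"], strict=False)
        except ValueError:
            findings.append(f"{entry['ip_prefix']!r} is not a valid IP prefix")
            continue
        if domain in seen_domains:
            findings.append(f"duplicate domain in mapping: {domain}")
        if ip in seen_ips:
            findings.append(f"duplicate IP in mapping: {ip}")
        seen_domains.add(domain)
        seen_ips.add(ip)
    return findings

# Constructed sample plan, not taken from a real deployment.
SAMPLE = {
    "listen_port": 70000,
    "strict_domain_name": True, "dns_loop_detection": True,
    "stop_dns_rebind_private_ip": False,
    "dns_servers": [{"ip": "192.0.2.53"}, {"ip": "192.0.2.300"}],
    "domain_to_address": [
        {"domain": "intranet.example.com", "ip_prefix": "10.1.1.10"},
        {"domain": "Intranet.Example.com.", "ip_prefix": "10.1.1.11"},
        {"domain": "wiki.example.com", "ip_prefix": "10.1.1.10/32"},
    ],
}
print("\n".join(review_profile(SAMPLE)))
```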