Configure DNS Profiles

Configure DNS Profiles from the Prisma SD-WAN web interface.
Create a DNS Profile from the Prisma SD-WAN web interface.
  1. Select Policies > Stacked Policies > DNS > DNS Service Roles and click Create DNS Profile.
  2. Enter Basic information for the profile, select to retain strict domain names and DNS loop detection, and add a DNS server.
    1. Enter the Name, (Optional) Description, and (Optional) Tags for the DNS service profile.
    2. Select to Enable strict domain name and to Enable DNS loop detection.
    3. (Optional) Enter the Max EDNS Packets size.
      The default size is 4096.
    4. (Optional) Choose a Listen DNS Role from the drop-down and enter the Listen Port number.
      The default value is 53. The optional value must be between 1 and 65535.
      Roles created as part of the DNS service are listed in the Listen DNS Role field.
    5. (Optional) Select the option Send to all DNS Servers.
    6. Add a DNS server by specifying the DNS Server IP and (Optional) DNS Server Port.
    7. Select either IP Prefix or Domain and enter the required information.
      Configuring the IP Prefix forwards PTR (reverse lookups) for the specified subnet to the DNS server.
      Configuring the Domain Name option forwards name resolution requests for the specified domain(s) to the DNS server.
    8. (Optional) Choose a Forward DNS Role from the drop-down and enter the Source Port.
      Roles created as part of the DNS service are listed in the Forward DNS Role field.
  3. Map Domain to Address to enable you to specify DNS responses with the configured mapping.
    The Domain to Address mapping and the IP address must be unique.
    1. Click Add to add a domain address.
    2. Specify the Domain Name and the IP Prefix.
  4. Specify the Queries and Responses parameters to append the client metadata to the DNS query as it is sent to the upstream DNS server.
    DNS responses can also be overridden, or specific responses can be blocked entirely.
    1. Select Add a Client and specify the Mac Encoding Format.
    2. Enter a Custom Text and an Identifier, or choose the Element ID/Element from the drop-down.
    3. Add a new Subnet by entering the (Optional) IP Address and the Prefix Length.
    4. Select to Disable private IP lookups.
      If required, enter Max TTL and Local TTL values in seconds.
    5. (Optional) Enter IP addresses that can be identified as Bogus NX Domains and Ignore IP Addresses.
    6. Create new Aliases by replacing the IP address.
      This can be done by either choosing to replace the Original IP Prefix or retaining the Original IP Range by entering the original start IP and original end IP.
  5. Specify the Cache and DNSSec proxy configurations.
    1. Select the Disable Negative Caching option.
      If required, include values in seconds for Min Cache TTL, Max Cache TTL, Cache Size, and Negative Cache TTL.
    2. Select to Stop dns rebind for private ip and to Enable localhost rebind.
    3. (Optional) Enter the names of the Rebind Domains.
    4. Select to enable the DNSSEC Proxy and DNSSEC Config options.
    5. Enter information on Class, Domain, Key Tag, and Algorithm to Add a new Trust Anchor.
  6. Add a record by entering basic information in Authoritative Config or enter secondary server details.
    1. (Optional) Enter Secondary Server details, Peers, and TTL value in seconds.
    2. To Add a record, enter the Name (record names are listed in the drop-down), Flags, Tag, and Value.
  7. Complete all configuration requirements and Submit.
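
Step 2.7 says an IP Prefix entry forwards PTR lookups for that subnet and a Domain Name entry forwards queries for that domain. The following added example (not Prisma SD-WAN code; the rule values, function names, first-match ordering and whole-label suffix matching are assumptions) models that selection so a planned rule set can be checked before it is entered in the profile.

```python
import ipaddress

# Constructed sample rules (assumed values): (kind, match, DNS server IP)
RULES = [
    ("prefix", "10.20.0.0/16", "192.0.2.10"),
    ("prefix", "2001:db8:42::/48", "192.0.2.10"),
    ("domain", "corp.example", "192.0.2.20"),
]
HEX = set("0123456789abcdef")

def ptr_to_ip(qname):
    """Decode a full-length PTR owner name to an address, else None."""
    name = qname.rstrip(".").lower()
    try:
        if name.endswith(".in-addr.arpa"):
            labels = name[: -len(".in-addr.arpa")].split(".")
            if len(labels) == 4:
                return ipaddress.IPv4Address(".".join(reversed(labels)))
        elif name.endswith(".ip6.arpa"):
            nibbles = name[: -len(".ip6.arpa")].split(".")
            if len(nibbles) == 32 and all(n in HEX for n in nibbles):
                return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    except ValueError:  # e.g. an octet label such as "999" or "abc"
        pass
    return None

def select_server(qname, qtype, rules=RULES):
    """Return the server a query is forwarded to, or None for no rule match."""
    name = qname.rstrip(".").lower()
    if qtype.upper() == "PTR":
        ip = ptr_to_ip(name)
        for kind, match, server in rules:
            if kind == "prefix" and ip is not None:
                net = ipaddress.ip_network(match)
                if net.version == ip.version and ip in net:
                    return server
        return None
    for kind, match, server in rules:
        # Match whole labels only: "notcorp.example" must not hit "corp.example".
        if kind == "domain" and (name == match or name.endswith("." + match)):
            return server
    return None

if __name__ == "__main__":
    for q, t in [("5.1.20.10.in-addr.arpa.", "PTR"), ("notcorp.example", "A")]:
        print(q, t, "->", select_server(q, t))
```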
