1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator’s Guide
    5. Prisma SD-WAN Sites and Devices
    6. Use External Services for Monitoring
    7. Configure DNS on Prisma SD-WAN
    8. Configure System for DNS Survivability

    Configure System for DNS Survivability

    Prisma SD-WAN Configure DNS Survivability Use case.
    Configure the system to facilitate the DNS survivability use case.
    1. From the Prisma SD-WAN web interface, navigate to
      Stacked Policies
      DNS Service
      DNS Service Roles
      and create a new service role called
      Listen
       and
      Forward
      .
    2. Navigate to
      DNS Service
      DNS Service Profiles
       and click to
      Create
      a new DNS service profile.
    3. On the
      Basic
       screen, enter a name for the DNS profile and add a
      DNS Server
      .
      1. Specify the internal DNS server IP address.
      2. Select
        Domain Names
         and define all internal top-level domain names. For example, internal.com.
      3. Specify the Listen and Forward
        DNS Service Roles
         created in Step 1.
      4. Click
        Save.
        Repeat the procedure per internal DNS server system.
    4. Add a
      DNS Server
       from
      DNS Servers
      .
      1. Specify the internet DNS Server IP address.
      2. Specify the
        DNS Service Roles
        , Listen and Forward, created in Step 1.
        Do not enter the Domain Name.
      3. Click
        Save
        .
        Repeat the procedure per internet DNS server system.
      4. Click
        Save
         and
        Submit
        .
    5. Configure the ION device to use the DNS service.
      1. Navigate to the ION configuration page and select
        DNS Service
        .
      2. Enter a name for the
        DNS service
         and select the
        DNS Profile
         created in Step 2.
      3. In
        DNS Service Role Bindings
        , click
        Add
        .
      4. Select the
        DNS Role
        , Listen and Forward from the drop-down.
      5. Select all relevant LAN interfaces that will receive and forward the requests and
        Enable
         the service.
      6. Click
        Save
        .
        The DNS service configuration is now enabled on the ION device and will answer DNS queries on the selected interfaces. After testing that the Prisma SD-WAN DNS service is configured per requirements, the DNS server IP addresses can be changed in the DHCP scope to the respective default gateway (ION LAN interfaces), the branch subnets, or specified manually on systems with static IP configuration.
        With the Prisma SD-WAN system deployed and the DNS service enabled, the branch systems utilizing SaaS services no longer rely on the centralized data center resources to function. In the event of a data center failure, none of the SaaS application services will be affected. This is due to all necessary functions delivered by the ION device through the DNS service and the ability to put trusted SaaS application traffic directly onto the internet with a scalable and straightforward path policy rule.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo