Configure a DNS proxy on a Palo Alto Networks firewall

Before you begin

Note the IP addresses of the ETP recursive DNS servers. For more information, see View DNS server information.

Complete this procedure to configure a DNS proxy on a Palo Alto Networks firewall.

How to

  1. In the Palo Alto Networks firewall, go to Network > DNS Proxy.
  2. Click Add.
  3. Select the interface or interfaces where the DNS proxy is enabled.
  4. In the Inheritance Source list, select none.
  5. In the Primary field, enter the primary IP address of the ETP recursive server.
  6. In the Secondary field, enter the secondary IP address of the ETP recursive server.
  7. To configure static DNS entries that are cached and resolved locally, in the Static Entries tab, click Add and:
    1. In the Name column, enter a name to identify the entry
    2. In the FQDN column, enter the Fully Qualified Domain Name that you want the firewall to resolve locally
    3. In the Address column, enter the associated IP address or addresses
  8. To configure DNS caching, in the Advanced tab, select Cache. By default, the DNS proxy populates values for the cache size and timeout.
  9. Click OK.