Configure a DNS proxy on a Palo Alto Networks firewall
Note the IP addresses of the ETP recursive DNS servers. For more information, see View DNS server information.
Before you begin
Complete this procedure to configure a DNS proxy on a Palo Alto Networks firewall.
- In the Palo Alto Networks firewall, go to .
- Click Add.
- Select the interface or interfaces where the DNS proxy is enabled.
- In the Inheritance Source list, select none.
- In the Primary field, enter the primary IP address of the ETP recursive server.
- In the Secondary field, enter the secondary IP address of the ETP recursive server.
To configure static DNS entries
that are cached and resolved locally, in the Static Entries tab, click
- In the Name column, enter a name to identify the entry
- In the FQDN column, enter the Fully Qualified Domain Name that you want the firewall to resolve locally
- In the Address column, enter the associated IP address or addresses
- To configure DNS caching, in the Advanced tab, select Cache. By default, the DNS proxy populates values for the cache size and timeout.
- Click OK.