Most Common DNS Query Responses for Internal Host Detection

67919
Created On 09/26/18 13:51 PM - Last Modified 08/21/22 13:14 PM


Symptom


This document explains the meaning of the most common DNS query response codes seen in the PanGPS log when the Internal Host Detection feature is enabled. Many responses are possible, but the following error messages are Windows-specific and the ones users encounter most often.

Environment


  • Palo Alto Firewall
  • Prisma Access for Mobile Users
  • PAN-OS 8.1 and above
  • GlobalProtect configured


Resolution


The following are sample outputs from the PanGPS.log:

  1. DnsQuery returns 9003
  2. DnsQuery returns 0
  3. DnsQuery returns 9852
  4. Received DNS reverse lookup response error -65554
  5. Retry DnsQuery

The following information describes what these response codes mean:

  • Error Code 9003 means 'DNS name does not exist'
    The IP address configured for Internal Host Detection in the GlobalProtect client configuration does not match the DNS name specified.

GlobalProtect Settings

In the previous screenshot, under 'Internal Host Detection', if the Hostname does not resolve to the value in the IP Address field, the error code shown above will be seen.

  • Error Code 0 means the check succeeded: the GlobalProtect client machine performs a reverse lookup for the IP address, and it resolves to the Hostname specified in the above screenshot.
  • Error Code 9852 indicates that the GlobalProtect client is unable to perform a reverse lookup for the IP address pushed for Internal Host Detection. This error code occurs when the GlobalProtect client machine does not have any DNS servers configured.
    Note: The client machine tries 20 times, then repeats the attempts after a gap of 40 seconds.
  • Received DNS reverse lookup response error -65554 means that the reverse DNS lookup failed because the server replied with a 'No such name' response.
    In the example above, the client sends a PTR query for IP 10.66.18.106 and expects test.com in the response.
    If the server does not have the PTR record and responds with 'No such name', error -65554 is observed. Check your DNS server to confirm that the PTR record is configured correctly.

Make sure DNS servers are configured on the client machine by using the following Windows command: C:\>ipconfig /all
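The following script reproduces the client-side check described above and maps the PanGPS.log lines to the meanings listed in this article. It is an added example, not Palo Alto Networks code: the resolver is `socket.gethostbyaddr` standing in for the Windows DnsQuery call, and it is injectable so the check can be exercised against stub responses; the 9003 and 9852 values are the documented Win32 DnsQuery status codes.

```python
import ipaddress
import re
import socket

# Meaning of each code as described in the article above.
# 9003 = DNS_ERROR_RCODE_NAME_ERROR, 9852 = DNS_ERROR_NO_DNS_SERVERS (Win32 DnsQuery).
CODE_MEANING = {
    9003: "DNS name does not exist: PTR answer does not match the configured hostname",
    0: "reverse lookup succeeded and matched the configured hostname",
    9852: "reverse lookup not possible: client has no DNS servers configured",
    -65554: "reverse lookup failed: server answered 'No such name' (PTR record missing)",
}

# Matches both "DnsQuery returns <code>" and "... response error <code>" log lines.
LOG_RE = re.compile(r"(?:DnsQuery returns|response error) (-?\d+)")


def explain_log_line(line):
    """Map a PanGPS.log line to its meaning; None if the line carries no code."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return CODE_MEANING.get(int(m.group(1)), "unknown code")


def ptr_name(ip):
    """The PTR owner name the client queries, e.g. '106.18.66.10.in-addr.arpa'."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_internal_host_detection(ip, expected_host, resolver=socket.gethostbyaddr):
    """Reproduce the client's test: reverse-resolve ip and compare with expected_host.

    resolver is an assumed injection point (not part of GlobalProtect) returning
    (hostname, aliases, addresses) like socket.gethostbyaddr. Returns (ok, detail).
    """
    try:
        name, aliases, _ = resolver(ip)
    except OSError as e:  # socket.herror / socket.gaierror both derive from OSError
        return False, f"PTR lookup for {ptr_name(ip)} failed: {e} (-65554 / 9852 cases)"
    names = {n.rstrip(".").lower() for n in [name, *aliases]}
    if expected_host.rstrip(".").lower() in names:
        return True, f"{ip} resolves to {expected_host}; client will consider itself internal"
    return False, f"{ip} resolves to {name!r}, not {expected_host!r} (9003 case)"


if __name__ == "__main__":
    # Constructed sample lines taken from the article's list of log outputs.
    for line in ["DnsQuery returns 9003", "Received DNS reverse lookup response error -65554",
                 "Retry DnsQuery"]:
        print(line, "->", explain_log_line(line))
    print(check_internal_host_detection("10.66.18.106", "test.com"))
```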
