The DNS proxy is not working, and the following errors appear in the dnsproxyd.logs:
Jun 25 12:35:21 Error:pan_dnsproxyd_recv_server_udp_cb(pan_dnsproxy_udp.c:487): [Drop Rcvd ServerPkt]: Error in processing packet
Jun 25 12:35:21 Error:pan_dnsproxy_process_server_pkt(pan_dnsproxy_pkt.c:1320): [4552/-][Drop RcvdServer Pkt]: No pending entry in conn tbl for server_tid:4552
Jun 25 12:35:21 Error:remove_conn_tbl_entry(pan_dnsproxy_pkt.c:284):conn_tbl[4552] entry is already freed!
The DNS proxy statistics show more queries forwarded to the DNS servers than responses received from the DNS servers:
> show dns-proxy statistics all
Name: L1-DNS_PROXY
Interfaces: ethernet1/4 ethernet1/6 ethernet1/8
Counters:
  Queries received from hosts:1121308
  Responses returned to hosts:1071528
  Queries forwarded to servers:449253
  Responses received from servers:399473
  Queries pending:0
    TCP:0
    UDP:0
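An added example, not part of the original article or of any Palo Alto Networks tooling: a Python script that triages saved copies of the two outputs above, counting dropped late server replies per server_tid and measuring the gap between forwarded queries and server responses. The function names and the one-counter-per-line layout of the saved statistics are assumptions; the sample input is built from the article's own log lines and counters.

```python
import re
from collections import Counter

# Sample input constructed from the log lines and counters quoted in the article.
SAMPLE_LOG = """\
Jun 25 12:35:21 Error:pan_dnsproxyd_recv_server_udp_cb(pan_dnsproxy_udp.c:487): [Drop Rcvd ServerPkt]: Error in processing packet
Jun 25 12:35:21 Error:pan_dnsproxy_process_server_pkt(pan_dnsproxy_pkt.c:1320): [4552/-][Drop RcvdServer Pkt]: No pending entry in conn tbl for server_tid:4552
Jun 25 12:35:21 Error:remove_conn_tbl_entry(pan_dnsproxy_pkt.c:284):conn_tbl[4552] entry is already freed!
"""
SAMPLE_STATS = """\
Counters:
  Queries received from hosts:1121308
  Responses returned to hosts:1071528
  Queries forwarded to servers:449253
  Responses received from servers:399473
  Queries pending:0
"""

# A server reply whose transaction id has no pending entry left was dropped as late.
LATE_RE = re.compile(r"No pending entry in conn tbl for server_tid:(\d+)")
# "<counter name>:<integer>" alone on a line; Name:/Interfaces:/Counters: lines do not match.
COUNTER_RE = re.compile(r"^[ \t]*([A-Za-z][A-Za-z ]*?):[ \t]*(\d+)[ \t]*$", re.M)

def late_responses(log_text):
    """Count dropped late server replies per server_tid."""
    return Counter(int(m.group(1)) for m in LATE_RE.finditer(log_text))

def parse_counters(stats_text):
    """Map counter name -> integer value."""
    return {name: int(value) for name, value in COUNTER_RE.findall(stats_text)}

def summarize(stats_text):
    """Gap between forwarded queries and server responses, and between host queries and replies."""
    c = parse_counters(stats_text)
    forwarded = c["Queries forwarded to servers"]
    server_gap = forwarded - c["Responses received from servers"]
    return {
        "server_gap": server_gap,
        "server_gap_pct": round(100 * server_gap / forwarded, 2) if forwarded else 0.0,
        "host_gap": c["Queries received from hosts"] - c["Responses returned to hosts"],
    }

if __name__ == "__main__":
    print(dict(late_responses(SAMPLE_LOG)))
    print(summarize(SAMPLE_STATS))
```

With the article's counters, both gaps come out to 49780, about 11% of the queries forwarded to the servers.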
Causes
The symptoms occur when the DNS server response is excessively delayed: the server takes so long to respond that the connection entries have already been cleared from the tables.
Another possible cause of this issue is the lack of a Security Policy allowing outbound DNS for the Proxy Server, or a missing NAT rule for the outbound traffic. In that case, the DNS Proxy traffic is dropped and times out.