FAST-DNS Resolution Issues - Knowledge Base - Palo Alto Networks

FAST-DNS Resolution Issues

50990

Created On 03/25/19 04:51 AM - Last Modified 05/16/24 03:40 AM

DNS

Security Policy

URL Category

Policy

URL Filtering

DNS Security

8.1

8.0

7.1

PAN-OS

Symptom

Most of the CDN (Content Delivery Network) providers use FAST DNS switching, which in some cases causes DNS caching issues. This happens because of quick changing FQDNs at the CDN side.

Environment

PAN-OS
Firewall
FQDN refresh
FAST-DNS

Resolution

FQDN refresh timers are used to check the mapping between an IP address and a fully-qualified domain name. By default, Palo Alto Networks devices perform this check every 30 seconds.

First workaround: Refer Change FQDN refresh timer to a minimum of 10 minutes.

Second workaround: Refer Create a custom URL category for Akamai (CDN) servers FQDNs and add it to an allow security policy .

Third workaround: Refer Upgrade to PAN-OS 9.0 for the built-in FQDN Refresh Enhancement feature .

Other users also viewed:

How to download GlobalProtect from the Customer Support Portal

Download and Install the GlobalProtect App for Windows

Resource List: GlobalProtect Configuring and Troubleshooting

PAN-OS Software Updates

Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)