"Non-Existent Domain" error or "No such name" DNS Response when resolving Domain names
37341
Created On 09/30/20 16:44 PM - Last Modified 02/08/21 22:26 PM
Symptom
- When trying to resolve domain name using the External DNS server(s) (NOT pushed by the GP Gateway), the below error message is seen on the CLI.
- "No such name" response packet is received locally on the virtual adapter.
- These responses are not visible if the capture is taken from the Gateway.
Environment
- Global Protect (GP) Client App 4.0.3 and higher.
- Global Protect Portal configured to Resolve All FQDNs Using DNS Servers Assigned by the Tunnel (Windows Only).
Cause
- If the "Resolve "All" FQDNs Using DNS Servers Assigned by the Tunnel (Windows Only)" option is set to YES which is located at Network > Global Protect > Portals > (name) > Agent > App Tab, then all the DNS requests go out via the tunnel interface to the server/s which is pushed by the GP Gateway.
- This DNS configuration pushed from GP Gateway is located at GUI: Network > Global Protect > Gateways > (name) > Agent > Network Services.
- All DNS requests routed through the tunnel that are destined to any DNS servers that are NOT pushed by the Gateway are locally responded to with NXDOMAIN (Non-Existing Domain or "No such name").
Resolution
Solution 1:
- Use the DNS servers that are pushed via GP Gateway.
- Go to GUI: Network > Global Protect > Gateways > (name) > Agent > Network Services
- Configure the primary and secondary DNS
- Go to GUI: Network > Global Protect > Portals > (name) > Agent > App Tab
- Set "Resolve "All" FQDNs Using DNS Servers Assigned by the Tunnel (Windows Only)" option to NO.