DNS name resolution does not work after upgrade of PAN-OS to 10.1.5 and above
Created On 05/20/22 16:05 PM - Last Modified 02/12/24 21:31 PM
Symptom
- System logs (show log system) display "Could not resolve host" for DNS names.
- Ping from the CLI shows "System error" or "Temporary failure in name resolution" if a DNS name is used in the query.
> ping host serverlist.urlcloud.paloaltonetworks.com
ping: serverlist.urlcloud.paloaltonetworks.com: System error
> ping host serverlist.urlcloud.paloaltonetworks.com
ping: serverlist.urlcloud.paloaltonetworks.com: Temporary failure in name resolution.
Environment
- Palo Alto Firewalls
- PAN-OS 10.1.5 and above
- DNS Resolution
Cause
- The configured system domain starts with a period (".")
# show deviceconfig system | match domain
set deviceconfig system domain .threatlab.local
- The setting is configured in the GUI under Device > Setup > Management > General Settings
Resolution
- The issue is resolved under PAN-193484 in PAN-OS 10.1.11, 10.2.3 and above.
- Upgrading to a fixed version resolves the issue.
- As a workaround, remove the period (".") when configuring the system domain name.
# set deviceconfig system domain <domain not starting with a ".">
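
An added example, not part of the original article or any Palo Alto Networks tooling: a Python check that scans saved set-format configuration output from several firewalls for a system domain with a leading period and compares the PAN-OS version against the ranges stated above. The device names and versions are constructed, and treating releases newer than 10.2 as fixed is an assumption read from "10.2.3 and above".

```python
import re

# Ranges as stated in the article: affected from 10.1.5, fixed in 10.1.11 and 10.2.3.
FIRST_AFFECTED = (10, 1, 5)
FIXED_IN = {(10, 1): 11, (10, 2): 3}
DOMAIN_RE = re.compile(r"^\s*set deviceconfig system domain\s+(\S+)", re.M)

def parse_version(text):
    """Turn '10.1.6-h3' into (10, 1, 6); a hotfix suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(p) for p in m.groups())

def version_affected(text):
    """True if the version falls in the affected range given in the article."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False
    fixed = FIXED_IN.get(v[:2])
    # Assumption: release trains newer than 10.2 already carry the fix.
    return fixed is not None and v[2] < fixed

def leading_dot_domain(set_config):
    """Return the configured system domain if it starts with '.', else None."""
    m = DOMAIN_RE.search(set_config)
    return m.group(1) if m and m.group(1).startswith(".") else None

def audit(name, version, set_config):
    domain = leading_dot_domain(set_config)
    if domain is None:
        return f"{name}: ok"
    if version_affected(version):
        return f"{name}: AFFECTED, {domain} on {version}; use {domain.lstrip('.')}"
    return f"{name}: leading period in {domain}, {version} outside affected range"

# Constructed inventory: (device name, PAN-OS version, saved set-format config).
SAMPLE = [
    ("fw-a", "10.1.6-h3", "set deviceconfig system domain .threatlab.local"),
    ("fw-b", "10.1.11", "set deviceconfig system domain .threatlab.local"),
    ("fw-c", "10.2.2", "set deviceconfig system domain threatlab.local"),
    ("fw-d", "10.1.4", "set deviceconfig system domain .threatlab.local"),
]

if __name__ == "__main__":
    for device in SAMPLE:
        print(audit(*device))
```

Devices reported with a leading period but outside the affected range are still worth correcting before an upgrade moves them into it.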