How to stop Firewall sending DNS queries for AAAA to resolve FQDN address objects.

Created On 10/03/22 06:51 AM - Last Modified 11/26/24 21:46 PM


Objective


  • By default, the firewall sends DNS queries for both A and AAAA records to resolve FQDN address objects into IP addresses.
  • The firewall keeps sending AAAA queries repeatedly even when the DNS servers don't handle or accept AAAA queries.


Environment


  • Palo Alto Firewalls
  • PAN-OS 9.1, 10.1, 10.2
  • DNS 


Procedure


  1. Disable IPv6 Firewalling. Refer to How to Enable and Disable IPv6 Firewalling.
  2. When IPv6 Firewalling is disabled, the firewall doesn't send DNS queries for AAAA to resolve FQDN address objects into IPv6 addresses.

Note: Firewall doesn't handle all IPv6 traffic when IPv6 Firewalling is disabled.
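
One way to confirm the result from the DNS side, as an added example that is not part of the original article: this Python sketch parses raw DNS query payloads (for instance, UDP payloads exported from a capture taken in front of the DNS server) and counts AAAA queries for the FQDN address object names. The function names, the FQDN `app.example.com` and the constructed query bytes are assumptions for illustration.

```python
import struct
from collections import Counter

QTYPE_A, QTYPE_AAAA = 1, 28  # DNS record type codes

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query message (used only to construct sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(msg):
    """Return (qname, qtype) of the first question in a DNS query, else None."""
    if len(msg) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:  # skip responses and empty questions
        return None
    labels, pos = [], 12
    while pos < len(msg):
        length = msg[pos]
        pos += 1
        if length == 0:  # root label ends the name
            if pos + 4 > len(msg):
                return None
            qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
            return ".".join(labels).lower(), qtype
        if length & 0xC0 or pos + length > len(msg):  # pointer or truncated
            return None
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None

def aaaa_queries(payloads, fqdn_objects):
    """Count AAAA queries seen for each FQDN address object name."""
    wanted = {n.lower().rstrip(".") for n in fqdn_objects}
    hits = Counter()
    for payload in payloads:
        q = parse_question(payload)
        if q and q[1] == QTYPE_AAAA and q[0] in wanted:
            hits[q[0]] += 1
    return dict(hits)

# Constructed sample payloads: before and after IPv6 Firewalling is disabled.
BEFORE = [build_query("app.example.com", t) for t in (QTYPE_A, QTYPE_AAAA, QTYPE_AAAA)]
AFTER = [build_query("app.example.com", QTYPE_A)]

if __name__ == "__main__":
    print("before:", aaaa_queries(BEFORE, ["app.example.com"]))
    print("after: ", aaaa_queries(AFTER, ["app.example.com"]))
```

An empty result for payloads captured after the change indicates the firewall is no longer sending AAAA queries for those objects.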


