Palo Alto Networks PAN-OS dns-proxy: a bug story
Kir Kolyshkin

Thank you for the blog. We ran into this issue with one specific record that was above the 512 bytes if queried with dnssec enabled.

For us the workaround was to create a DNS Proxy rule to forward dns queries for that domain to a different dns server. In our case we used open dns server, which do not support dnssec. This is a workaround until we can upgrade to a version that fixes this issue.

Like what you read? Give Rikkert Kooy a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.