Private DNS behind Palo Alto is not resolving Name Servers
We are using private DNS zones for our internal sites. We are connected to the cloud by site-to-site VPN on Palo Alto, and recently our private domains have stopped resolving and name servers are not finding their way. Using the dig command I am able to cache some of the addresses on Palo Alto, but they get deleted right away, though not all of them, so for now I have added static entries for DNS proxy. The issue is that anything behind a load balancer or with a wildcard is not working. Is there a workaround for this, as this seems to be a bug of Palo Alto?
Do you know, I'd submit a ticket to Palo Alto for this one...
However, if not, and you're looking for the world's worst support, I think you should probably make sure you're running Windows Server 2000 or lower on all network nodes. Anything that won't install Windows Server 2000 or lower, try smashing it with a claw hammer. Then change your DNS from BIND to TinyDNS and set TTL to nine million... Then set TTL to 0, and if that doesn't work, scrap it (DNS) altogether and use WINS (b & p nodes) for name resolution!
I'm assuming you're running dig from the CLI of the PAN box, so you really need to get their help; tech support here is horrible.