SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  DNS resolution with local DNS server

    Posted 11-26-2018 17:21

    Hi,

    I want to use 8.8.8.8 as my first DNS server and use my local DNS as the secondary DNS server.

    I have a site-to-site VPN. I want the local host names resolved by the secondary DNS. However, it is not resolving. What can be the missing issue? Any ideas?

     

    As of now, I am using both the local DNS servers (by saying local, it is on the other network which I connect to over the site-to-site VPN) and I think it is not a correct usage.

     

    show system services dhcp pool 172.16.4.0/24 detail
    Pool information:
    Subnet 172.16.4.0/24
    Address range 172.16.4.1 - 172.16.4.254
    Addresses assigned 14/254
    Active: 13, Excluded: 1

    Excluded addresses:
    172.16.4.1

    DHCP lease times:
    Default lease time 1 day
    Minimum lease time 1 minute
    Maximum lease time infinite

    DHCP options:
    Name: name-server, Value: [ 192.168.10.135, 192.168.10.136 ]
    Name: domain-search, Value: [ mydomain1.com,mydomain2.com,mydomain3.com,mydomain4.com ]
    Name: router, Value: [ 172.16.4.1 ]



  • 2.  RE: DNS resolution with local DNS server

    Posted 11-26-2018 17:27

    If I follow you correctly, you need local-only DNS records to resolve. That means you really cannot use any public DNS server like Google; you have to use those internal network servers only.

     

    As long as the addresses are reachable via the VPN there is no issue using them as the DNS servers in our dhcp setup.

     

    What is the reason you want Google DNS as primary?

     



  • 3.  RE: DNS resolution with local DNS server

    Posted 11-26-2018 18:28

    Hi, thank you for your response. Actually, I want to use 8.8.8.8 as the primary and the local DNS as the secondary. But the problem with this configuration is that when these DNS servers are assigned to the clients, the clients cannot resolve the local host names in the remote network which I connect to with the site-to-site VPN.

     

    My HQ NW (172.16.4.x/24) ----- site-to-site VPN ----- DataCenter (192.168.10.x/24)

     

    I am in the HQ office, my srx fw is in this nw also

     

    My DNS servers are in remote NW

     

    But my clients can not resolve the hosts located in the DataCenter when I use 8.8.8.8 as the primary DNS



  • 4.  RE: DNS resolution with local DNS server

    Posted 11-27-2018 02:53

    Thanks for the clarification.

     

    You will never be able to resolve internal-only DNS records with any public resolver like Google DNS. If you need these records to work, you have to remove Google and other public resolvers and use only the internal DNS servers.

     



  • 5.  RE: DNS resolution with local DNS server

    Posted 11-27-2018 09:57

    Thank you so much. I wanted to set up an environment like:

    - all external name resolutions will be asked and resolved by the 1st DNS (Google, for example)

    - all internal name resolutions will be queried on the primary DNS, they will get no response, and the query will be redirected to the secondary DNS

    So, I understand that when the names are not resolved by the primary DNS, the query will not be redirected to the secondary DNS, right?



  • 6.  RE: DNS resolution with local DNS server
    Best Answer

    Posted 11-27-2018 16:26

    The secondary DNS gets used if there is no response at all from the primary DNS.

     

    In this case there is a response: that the record does not exist in the public authoritative zone. This is a valid response, so there is no need to fail over to using the secondary DNS.
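
The failover rule described in this answer, as an added example that is not part of the original post: a simplified Python model of a client trying its DHCP-assigned name servers in order. The host name `app01`, both zone tables and their addresses are constructed for illustration; 8.8.8.8, 192.168.10.135 and mydomain1.com are taken from the thread.

```python
# Added example: models stub-resolver failover between DHCP-assigned name servers.
# Zone contents and the host name "app01" are constructed for illustration.
NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"

class Timeout(Exception):
    """No reply from the server (unreachable, dropped, VPN down)."""

def make_server(zone, reachable=True):
    """Return a query function answering from `zone` (name -> address)."""
    def query(name):
        if not reachable:
            raise Timeout()
        if name in zone:
            return NOERROR, zone[name]
        return NXDOMAIN, None          # a valid, final answer
    return query

def resolve(name, servers):
    """Try servers in order; only a missing reply moves to the next one."""
    trail = []
    for label, query in servers:
        try:
            rcode, addr = query(name)
        except Timeout:
            trail.append((label, "timeout"))
            continue                   # failover happens only here
        trail.append((label, rcode))
        return rcode, addr, trail      # NXDOMAIN ends the lookup too
    return "SERVFAIL", None, trail

# Constructed sample data: a public resolver and the data-center DNS.
PUBLIC_ZONE = {"www.example.com": "93.184.216.34"}
INTERNAL_ZONE = {"app01.mydomain1.com": "192.168.10.50"}
public = ("8.8.8.8", make_server(PUBLIC_ZONE))
internal = ("192.168.10.135", make_server(INTERNAL_ZONE))
public_down = ("8.8.8.8", make_server(PUBLIC_ZONE, reachable=False))

if __name__ == "__main__":
    cases = {
        "public first": [public, internal],
        "public first, but silent": [public_down, internal],
        "internal only": [internal],
    }
    for title, servers in cases.items():
        print(title, resolve("app01.mydomain1.com", servers))
```

With the public resolver listed first, the trail shows that the internal server is never asked: the NXDOMAIN from 8.8.8.8 ends the lookup.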

     



  • 7.  RE: DNS resolution with local DNS server

    Posted 11-27-2018 16:30

    I appreciate it... thank you. All of my posts were replied to with great patience. Thanks.