I get a lot of the following messages in the firewall logs:
nsd: LIBRESOLVER_DNS_SERVER_REPLY_ERROR_CODE: DNS server (index:0, ip:184.108.40.206) replies with error code 3 for domain xxxxx.xxx.xx
is it possible to disable global-address book entry checks? in my specific setup some addresses can expire and be renewed later and i don't need the logs flood:)
There is explicit configuration to enable or disable the DNS lookup for the FQDN specific to address book entries as per my knowledge. You configure a reachable DNS server and DNS names in the address books, the resolution is triggered.
To avoid these messages flooding the device, you can follow the KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB9382 to prevent writing of these messages to log file.
I would suggest to keep an eye on the system processes as well for nsd just to make sure that it doesn't hog the CPU.
Hope this helps.
Thanks and Regards,
Pradeep Kumar M
|| If this solves your problem, please mark this post as "Accepted Solution" so we can help others too ||