SRX

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  is it possible to make srx340 NOT to check global address-book entry

    Posted 04-26-2020 10:53

    I get a lot of the following messages in the firewall logs:

     

    nsd[2060]: LIBRESOLVER_DNS_SERVER_REPLY_ERROR_CODE: DNS server (index:0, ip:8.8.8.8) replies with error code 3 for domain xxxxx.xxx.xx

     

    is it possible to disable global-address book entry checks? in my specific setup some addresses can expire and be renewed later and i don't need the logs flood:)

     

    thanks!



  • 2.  RE: is it possible to make srx340 NOT to check global address-book entry
    Best Answer

     
    Posted 04-26-2020 21:11

    Hi,

     

    There is explicit configuration to enable or disable the DNS lookup for the FQDN specific to address book entries as per my knowledge. You configure a reachable DNS server and DNS names in the address books, the resolution is triggered.

     

    To avoid these messages flooding the device, you can follow the KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB9382 to prevent writing of these messages to log file.

     

    I would suggest to keep an eye on the system processes as well for nsd just to make sure that it doesn't hog the CPU.

     

    Hope this helps.

     

    Thanks and Regards,

    Pradeep Kumar M

     

    || If this solves your problem, please mark this post as "Accepted Solution" so we can help others too ||



  • 3.  RE: is it possible to make srx340 NOT to check global address-book entry

    Posted 04-27-2020 08:20

    thanks!