I think I'm having one of those days!
I have Windows PCs. I've just changed some clients to use only their respective SRX for DNS lookups. However, the clients cannot resolve anything. As soon as I flick back to 220.127.116.11, for example, they are fine. The SRX devices all have the following config (only) relating to DNS:
What really obvious thing am I missing? Configuration of a client DNS service somewhere?
This configuration is for DNS lookups performed by SRX itself, such as name resolution for domain names in the config, or when pinging/tracing.
If you want SRX to return DNS answers to your clients, you need to enable DNS proxy.
Simple it was, as follows:-
# set system services dns dns-proxy interface ge-0/0/0.0
# set system services dns dns-proxy default-domain * forwarders 18.104.22.168
# set security zones security-zone Trust interfaces ge-0/0/0.0 host-inbound-traffic system-services dns
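As an added example (not part of the original thread and not Juniper tooling), the following Python check reads a configuration in `set` format and reports when the three pieces above do not line up: a dns-proxy interface, a forwarder, and `host-inbound-traffic system-services dns` on that same interface. The sample configurations and the 192.0.2.53 address are constructed, and the function name `check_dns_proxy` is hypothetical.

```python
import re

# Constructed sample configs in Junos "set" format (192.0.2.53 is a placeholder).
GOOD = """\
set system services dns dns-proxy interface ge-0/0/0.0
set system services dns dns-proxy default-domain * forwarders 192.0.2.53
set security zones security-zone Trust interfaces ge-0/0/0.0 host-inbound-traffic system-services dns
"""
BAD = """\
set system name-server 192.0.2.53
set system services dns dns-proxy interface ge-0/0/1.0
set security zones security-zone Trust interfaces ge-0/0/0.0 host-inbound-traffic system-services dns
"""

PROXY_IF = re.compile(r"^set system services dns dns-proxy interface (\S+)$")
FORWARDER = re.compile(r"^set system services dns dns-proxy default-domain \S+ forwarders (\S+)$")
INBOUND = re.compile(r"^set security zones security-zone \S+ interfaces (\S+) "
                     r"host-inbound-traffic system-services (\S+)$")

def check_dns_proxy(config: str) -> list[str]:
    """Return findings; an empty list means proxy, forwarder and zone rule agree."""
    proxy_ifs, forwarders, dns_in, all_in = set(), set(), set(), set()
    for raw in config.splitlines():
        line = raw.strip().lstrip("# ").strip()  # tolerate a leading "# " prompt
        if m := PROXY_IF.match(line):
            proxy_ifs.add(m.group(1))
        elif m := FORWARDER.match(line):
            forwarders.add(m.group(1))
        elif m := INBOUND.match(line):
            if m.group(2) == "dns":
                dns_in.add(m.group(1))
            elif m.group(2) == "all":
                all_in.add(m.group(1))
    findings = []
    if not proxy_ifs:
        # name-server entries alone only serve lookups made by the SRX itself
        findings.append("dns-proxy not enabled on any interface")
    elif not forwarders:
        findings.append("dns-proxy enabled but no forwarders configured")
    for ifc in sorted(proxy_ifs - dns_in - all_in):
        findings.append(f"{ifc}: dns-proxy bound here but host-inbound-traffic does not permit dns")
    for ifc in sorted(dns_in - proxy_ifs):
        findings.append(f"{ifc}: dns permitted inbound but dns-proxy is not bound to this interface")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_dns_proxy(cfg) or "ok")
```

The last check also flags an interface that accepts inbound DNS with no proxy bound to it, which is an opening worth closing when the rule is left over from an earlier change.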