DHCPV6, dns-server does not bind.

    Posted 02-04-2021 04:52

    Hi, I need some help here. I have an issue with dhcpv6-client. I have
    some questions.

    My symptoms are as such.

    I can get DHCPv6 to my internal clients, but I think some things are a
    little out of whack. DHCPV6 IS ACTIVE. Here is a list.

    1. DNS server binding doesn't happen. That's my goal, I have no other
    goals. (dhcp-attributes -> dns-server).

    2. I think that Comcast forces temporary addresses, and I'm pretty sure
    it does, so I don't know if anyone has anything to say about that.

    3. If you look at my irb.0 prefixing you can see that it has two
    bindings, one a /64 and another an /80. Is this a sign of improper
    injecting? I've seen that /80s are LAN side in other articles on the
    net. I'm assuming that dhcpv6-client is enough to make DHCPv6 active,
    but do I need dhcp-local-server -> to give the DNS servers binding?
    My take is that Comcast only lets you use dhcpv6-client. Any comments?

    4. I realize Comcast may have changed its use in that it used to
    allocate a /48. In fact that's the /64 I see. But the /80, that
    confuses me. 128-80=48. Is this why I'm stuck? Did they 180 this
    like I think they did about 4 years ago? Is it just me?


    HEELLPP?


    ## Last changed: 2020-12-23 08:02:11 GMT
    version 15.1X49-D150.2;
    system {
        host-name MySRX300;
        time-zone GMT;
        root-authentication {
            encrypted-password "$5$jONKTyXf$FVjMtn.0LU5.Lqg70vJg.c3bE.udT2CjINk5zC8Mvf2";
        }
        name-server {
            75.75.75.75;
            75.75.76.76;
            8.8.8.8;
            8.8.4.4;
        }
        login {
            user myuser {
                uid 2000;
                class super-user;
                authentication {
                    encrypted-password "$5$bAOhrT3.$cpqrCXQFnRzrF76M2fW8BImrgrnv0gOoMcQ.dGNvPW.";
                }
            }
        }
        services {
            ssh;
            telnet;
            xnm-clear-text;
            dhcp-local-server {
                dhcpv6 {
                    overrides {
                        rapid-commit;
                        process-inform {
                            pool pool-1;
                        }
                        delegated-pool pool-2;
                    }
                    group group-for-pooling {
                        interface irb.0;
                    }
                }
                group jweb-default-group {
                    interface irb.0;
                }
            }
            web-management {
                http;
                https {
                    system-generated-certificate;
                }
                session {
                    idle-timeout 60;
                }
            }
        }
        syslog {
            archive size 100k files 3;
            user * {
                any emergency;
            }
            file messages {
                any notice;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
        }
        max-configurations-on-flash 5;
        max-configuration-rollbacks 5;
        license {
            autoupdate {
                url https://ae1.juniper.net/junos/key_retrieval;
            }
        }
        ntp {
            server us.ntp.pool.org;
        }
    }
    security {
        log {
            mode stream;
            report;
        }
        forwarding-options {
            family {
                inet6 {
                    mode flow-based;
                }
            }
        }
        screen {
            ids-option untrust-screen {
                icmp {
                    ping-death;
                }
                ip {
                    source-route-option;
                    tear-drop;
                }
                tcp {
                    syn-flood {
                        alarm-threshold 1024;
                        attack-threshold 200;
                        source-threshold 1024;
                        destination-threshold 2048;
                        timeout 20;
                    }
                    land;
                }
            }
        }
        nat {
            source {
                rule-set nsw_srcnat {
                    from zone Internal;
                    to zone Internet;
                    rule nsw-src-interface {
                        match {
                            source-address 0.0.0.0/0;
                            destination-address 0.0.0.0/0;
                        }
                        then {
                            source-nat {
                                interface;
                            }
                        }
                    }
                }
            }
        }
        policies {
            from-zone Internal to-zone Internet {
                policy All_Internal_Internet {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
        zones {
            security-zone Internal {
                interfaces {
                    irb.0 {
                        host-inbound-traffic {
                            system-services {
                                ping;
                                dhcp;
                                dhcpv6;
                                http;
                                https;
                                ssh;
                                telnet;
                            }
                        }
                    }
                }
            }
            security-zone Internet {
                interfaces {
                    ge-0/0/0.0 {
                        host-inbound-traffic {
                            system-services {
                                ping;
                                dhcp;
                                dhcpv6;
                            }
                        }
                    }
                }
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                arp-resp restricted;
                proxy-arp restricted;
                family inet {
                    dhcp-client {
                        retransmission-attempt 21600;
                        retransmission-interval 4;
                        update-server;
                        force-discover;
                    }
                }
                family inet6 {
                    dhcpv6-client {
                        client-type stateful;
                        client-ia-type ia-na;
                        client-ia-type ia-pd;
                        prefix-delegating {
                            preferred-prefix-length 64;
                            sub-prefix-length 64;
                        }
                        update-router-advertisement {
                            interface irb.0;
                        }
                        client-identifier duid-type duid-ll;
                        update-server;
                    }
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan0;
                    }
                }
            }
        }
        ge-0/0/2 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan0;
                    }
                }
            }
        }
        ge-0/0/3 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan0;
                    }
                }
            }
        }
        ge-0/0/4 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan0;
                    }
                }
            }
        }
        ge-0/0/5 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan0;
                    }
                }
            }
        }
        ge-0/0/6 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan0;
                    }
                }
            }
        }
        ge-0/0/7 {
            unit 0 {
                family ethernet-switching {
                    vlan {
                        members vlan0;
                    }
                }
            }
        }
        irb {
            unit 0 {
                family inet {
                    address 192.168.1.1/24;
                }
                family inet6 {
                    address 2001:558:4010:15:65c:6c00:1f:xxxx/63;
                    address 2601:204:d400:105:65c:6c00:1f:xxxx/64;
                    address fe80::65c:6c00:1f:xxxx/64;
                }
            }
        }
    }
    forwarding-options {
        hash-key {
            family inet {
                layer-3;
                layer-4;
            }
        }
    }
    routing-options {
        router-id 192.168.1.1;
    }
    protocols {
        l2-learning {
            global-mode switching;
        }
        rstp {
            interface all;
        }
    }
    access {
        address-assignment {
            pool jweb-default-pool {
                family inet {
                    network 192.168.1.0/24;
                    range jweb-default-range {
                        low 192.168.1.2;
                        high 192.168.1.254;
                    }
                    dhcp-attributes {
                        server-identifier 192.168.1.1;
                        domain-name xxxx.xx.comcast.net;
                        name-server {
                            75.75.75.75;
                            75.75.76.76;
                            8.8.8.8;
                            8.8.4.4;
                        }
                        router {
                            192.168.1.1;
                        }
                        netbios-node-type m-node;
                        propagate-settings irb;
                    }
                    host Roku3600 {
                        hardware-address xx:xx:xx:xx:xx:xx;
                        ip-address 192.168.1.230;
                    }
                    host amazon-xxxxxxxxx {
                        hardware-address xx:xx:xx:xx:xx:xx;
                        ip-address 192.168.1.240;
                    }
                    host android-xxxxxxxxxxxxx {
                        hardware-address xx:xx:xx:xx:xx:xx;
                        ip-address 192.168.1.67;
                    }
                }
            }
            pool pool-1 {
                family inet6 {
                    prefix 2001:558:5516:37::0/64;
                    range v6-range2 {
                        low 2001:558:5516:37::1/64;
                        high 2001:558:5516:37:ffff:ffff:ffff:ffff/64;
                    }
                    dhcp-attributes {
                        dns-server {
                            2001:558:feed::1;
                            2001:558:feed::2;
                            2001:4860:4860::8888;
                            2001:4860:4860::8844;
                        }
                        propagate-settings ge-0/0/0;
                    }
                }
            }
            pool pool-2 {
                family inet6 {
                    prefix 2601:204:ce00:5550::0/64;
                    range 2601-range {
                        low 2601:204:ce00:5550::1/64;
                        high 2601:204:ce00:5550:ffff:ffff:ffff:ffff/64;
                    }
                    dhcp-attributes {
                        dns-server {
                            2001:558:feed::1;
                            2001:558:feed::2;
                            2001:4860:4860::8888;
                            2001:4860:4860::8844;
                        }
                        propagate-settings ge-0/0/0;
                    }
                }
            }
        }
    }
    vlans {
        vlan0 {
            vlan-id 2;
            l3-interface irb.0;
        }
    }



    myuser@MySRX300> show dhcpv6 client binding detail

    Client Interface/Id: ge-0/0/0.0
    Hardware Address: 04:5c:6c:1f:84:00
    State: BOUND(DHCPV6_CLIENT_STATE_BOUND)
    ClientType: STATEFUL
    Lease Expires: 2021-02-07 15:00:13 GMT
    Lease Expires in: 281099 seconds
    Lease Start: 2021-02-03 15:00:13 GMT
    Bind Type: IA_PD
    Preferred prefix length 48
    Sub prefix length 48
    Client DUID: LL0x3-04:5c:6c:1f:84:00
    Rapid Commit: Off
    Server Identifier: fe80::201:5cff:xxxx:xxxx
    Update Server Yes
    Client IP Prefix: 2601:204:d400:216::/64

    DHCP options:
    Name: server-identifier, Value: LL_TIME0x1-0x15d6d13d-84:2b:2b:fc:70:f9

    Update RA interfaces:
    Interface: irb.0
    RA Prefix: 2601:204:d400:216::/80





    myuser@MySRX300> show interfaces ge-0/0/0.0 extensive
    Logical interface ge-0/0/0.0 (Index 73) (SNMP ifIndex 514) (Generation 138)
    Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
    Traffic statistics:
    Input bytes : 587994222
    Output bytes : 79118535
    Input packets: 643106
    Output packets: 322177
    Local statistics:
    Input bytes : 4240319
    Output bytes : 426150
    Input packets: 25517
    Output packets: 5099
    Transit statistics:
    Input bytes : 583753903 0 bps
    Output bytes : 78692385 0 bps
    Input packets: 617589 0 pps
    Output packets: 317078 0 pps
    Security: Zone: Internet
    Allowed host-inbound traffic : dhcp ping dhcpv6
    Flow Statistics :
    Flow Input statistics :
    Self packets : 26380
    ICMP packets : 943
    VPN packets : 0
    Multicast packets : 20913
    Bytes permitted by policy : 582758811
    Connections established : 927
    Flow Output statistics:
    Multicast packets : 0
    Bytes permitted by policy : 78675205
    Flow error statistics (Packets dropped due to):
    Address spoofing: 0
    Authentication failed: 0
    Incoming NAT errors: 0
    Invalid zone received packet: 0
    Multiple user authentications: 0
    Multiple incoming NAT: 0
    No parent for a gate: 0
    No one interested in self packets: 0
    No minor session: 0
    No more sessions: 0
    No NAT gate: 0
    No route present: 1608
    No SA for incoming SPI: 0
    No tunnel found: 0
    No session for a gate: 0
    No zone or NULL zone binding 0
    Policy denied: 0
    Security association not active: 0
    TCP sequence number out of window: 11
    Syn-attack protection: 0
    User authentication errors: 0
    Protocol inet, MTU: 1500, Generation: 152, Route table: 0
    Flags: Sendbcast-pkt-to-re
    Addresses, Flags: Is-Preferred Is-Primary
    Destination: 73.66.xx/22, Local: 73.xx.xx.xx, Broadcast: 73.xx.xx.xx, Generation: 160
    Protocol inet6, MTU: 1500
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 1, Curr new hold cnt: 0, NH drop cnt: 0
    Generation: 153, Route table: 0
    Flags: None
    Addresses, Flags: Is-Primary
    Destination: Unspecified, Local: 2001:558:6012:32:xxxx:xxxx:fc2a:447b
    Generation: 164
    Addresses, Flags: Is-Preferred
    Destination: fe80::/64, Local: fe80::65c:6cff:fe1f:xxxx
    Generation: 152





    myuser@MySRX300> show interfaces irb.0 extensive
    Logical interface irb.0 (Index 72) (SNMP ifIndex 509) (Generation 137)
    Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
    Bandwidth: 1000mbps
    Routing Instance: default-switch Bridging Domain: vlan0
    Traffic statistics:
    Input bytes : 93777138
    Output bytes : 599039735
    Input packets: 403878
    Output packets: 641754
    Local statistics:
    Input bytes : 3949858
    Output bytes : 16812586
    Input packets: 14650
    Output packets: 48850
    Transit statistics:
    Input bytes : 89827280 224 bps
    Output bytes : 582227149 152 bps
    Input packets: 389228 0 pps
    Output packets: 592904 0 pps
    Security: Zone: Internal
    Allowed host-inbound traffic : dhcp http https ping ssh telnet dhcpv6
    Flow Statistics :
    Flow Input statistics :
    Self packets : 14805
    ICMP packets : 32
    VPN packets : 0
    Multicast packets : 21113
    Bytes permitted by policy : 82013639
    Connections established : 22178
    Flow Output statistics:
    Multicast packets : 0
    Bytes permitted by policy : 597220076
    Flow error statistics (Packets dropped due to):
    Address spoofing: 0
    Authentication failed: 0
    Incoming NAT errors: 0
    Invalid zone received packet: 0
    Multiple user authentications: 0
    Multiple incoming NAT: 0
    No parent for a gate: 0
    No one interested in self packets: 0
    No minor session: 0
    No more sessions: 0
    No NAT gate: 0
    No route present: 10000
    No SA for incoming SPI: 0
    No tunnel found: 0
    No session for a gate: 0
    No zone or NULL zone binding 0
    Policy denied: 0
    Security association not active: 0
    TCP sequence number out of window: 1
    Syn-attack protection: 0
    User authentication errors: 0
    Protocol inet, MTU: 1500, Generation: 150, Route table: 0
    Flags: Sendbcast-pkt-to-re, Is-Primary
    Addresses, Flags: Is-Default Is-Preferred Is-Primary
    Destination: 192.168.1/24, Local: 192.168.1.1, Broadcast: 192.168.1.255, Generation: 144
    Protocol inet6, MTU: 1500
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 4, Curr new hold cnt: 0, NH drop cnt: 0
    Generation: 151, Route table: 0
    Flags: None
    Addresses, Flags: Is-Default Is-Preferred Is-Primary
    Destination: 2001:558:4010:14::/63, Local: 2001:558:4010:15:65c:6c00:1f:xxxx
    Generation: 182
    Addresses, Flags: Is-Preferred
    Destination: 2601:204:d400:105::/64, Local: 2601:204:d400:105:65c:6c00:1f:xxxx
    Generation: 184
    Addresses, Flags: Is-Preferred
    Destination: 2601:204:d400:216::/80, Local: 2601:204:d400:216::1
    Generation: 168
    Addresses, Flags: Is-Preferred
    Destination: fe80::/64, Local: fe80::65c:6c00:1f:xxxx
    Generation: 150




    myuser@MySRX300> show ipv6 router-advertisement
    Interface: irb.0
    Advertisements sent: 120, last sent 00:01:07 ago
    Solicits received: 22, last received 01:28:12 ago
    Advertisements received: 0
    Solicited router advertisement unicast: Disable




    adrian@MySRX300> show ipv6 neighbors
    IPv6 Address Linklayer Address State Exp Rtr Secure Interface
    2601:204:d400:105:2109:afa3:908f:xxxx
    xx:xx:xx:xx:xx:xx stale 847 no no ge-0/0/5.0
    2601:204:d400:105:dc06:1662:18c8:xxxx
    xx:xx:xx:xx:xx:xx stale 502 no no ge-0/0/5.0
    fe80::201:5cff:feac:xxxx xx:xx:xx:xx:xx:xx stale 845 yes no ge-0/0/0.0
    fe80::7e38:adff:fe9e:xxxx xx:xx:xx:xx:xx:xx stale 630 no no ge-0/0/5.0
    fe80::d489:9220:22e4:xxxx xx:xx:xx:xx:xx:xx stale 847 no no ge-0/0/5.0

    ------------------------------
    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)
    ------------------------------
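
A consistency check over the values in the post above, added here as an example and not part of the original post: it parses the delegated prefix and RA prefix from the `show dhcpv6 client binding detail` output and reports which statically configured prefixes fall outside the delegation. The function names, dictionary labels and report keys are hypothetical; the prefixes are copied from the post.

```python
import ipaddress
import re

# Constructed input: lines copied from the "show dhcpv6 client binding detail"
# output in the post.
BINDING = """\
Bind Type: IA_PD
Client IP Prefix: 2601:204:d400:216::/64
Update RA interfaces:
Interface: irb.0
RA Prefix: 2601:204:d400:216::/80
"""

# Prefixes copied from the posted configuration and "show interfaces irb.0".
# The labels are made up for this example.
CONFIGURED = {
    "pool-1": "2001:558:5516:37::0/64",
    "pool-2": "2601:204:ce00:5550::0/64",
    "irb.0 address A": "2001:558:4010:14::/63",
    "irb.0 address B": "2601:204:d400:105::/64",
}


def parse_binding(text):
    """Return (delegated_prefix, ra_prefix) as IPv6Network objects."""
    def field(label):
        pattern = rf"^[ \t]*{re.escape(label)}:[ \t]*(\S+)[ \t]*$"
        match = re.search(pattern, text, re.M)
        if not match:
            raise ValueError(f"missing field: {label}")
        return ipaddress.IPv6Network(match.group(1), strict=True)
    return field("Client IP Prefix"), field("RA Prefix")


def audit(binding_text, configured):
    """Compare configured prefixes with what the DHCPv6 client was delegated."""
    delegated, ra = parse_binding(binding_text)
    report = {
        "delegated": str(delegated),
        "ra_prefix": str(ra),
        "ra_inside_delegated": ra.subnet_of(delegated),
        "ra_host_bits": 128 - ra.prefixlen,
        # RFC 4862: a host ignores an RA prefix unless prefix length plus
        # interface-ID length equals 128; on Ethernet the ID is 64 bits.
        "ra_usable_for_slaac": ra.prefixlen == 64,
        "outside_delegation": [],
    }
    for name, prefix in configured.items():
        net = ipaddress.IPv6Network(prefix, strict=False)
        if not (net.subnet_of(delegated) or delegated.subnet_of(net)):
            report["outside_delegation"].append(name)
    return report


if __name__ == "__main__":
    for key, value in audit(BINDING, CONFIGURED).items():
        print(f"{key}: {value}")
```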