SRX

SRX DNS lookup on domain names defined in security policy

    Posted 16 days ago
    Hi,

    SRX allows users to define address book entries with FQDNs. I am wondering how this works in the background at scale. From the documentation, SRX will do a DNS lookup whenever a packet comes into SRX; I imagine that would significantly delay the packet processing, and is that necessary? Should Junos reasonably trust the TTL of a DNS record and only do lookups when the cache expires? Or will Junos run a background kind of cron job to scan all FQDNs and periodically resolve those FQDNs to IP addresses and update the packet processing engine (i.e. SPU)?

    Thanks,
    JG

    ------------------------------
    John Gerro
    ------------------------------