First off, I'm pretty sure that I've ruled this out from being a wireless issue. The APs are forwarding traffic as expected and I even tried another simple AP that I had lying around to rule out WLC issues.
The gist of the issue is that after a recent power outage (which was long enough to kill our backup UPS) upon everything coming back up, phones were no longer able to resolve domain names while on our network. Strangely enough, laptops seem to have no issue, and are getting the exact same DHCP assignments, DNS servers, etc. Everything is flowing through the same unifi wireless network > dumb L2 switch > SRX345 to get out to the internet. I'm wracking my brain trying to figure out why
phones in particular do not want to work, while everything else seems to flawlessly as before the power outage. I've confirmed the issue persists across many phone make/models and that these same phones do indeed work on other wireless networks.
The only thing I can figure (which is what brings me here) is that this could be some bug in the SRX (unless the L2 switch has grown a mind of its own.) Has anyone encountered anything similar? Any ideas on where to start troubleshooting? Nothing really seems amiss to me in DHCP settings or firewall settings on the SRX.
Some info redacted below and cutting it down a bit to hopefully only relevant bits:
host-name JuniperSRX345;
domain-name xyz.local;
domain-search xyz.local;
backup-router 192.168.1.1;
time-zone EST;
name-server {
192.168.1.1;
1.1.1.1;
1.0.0.1;
dhcp-local-server {
group xyz-net {
interface ge-0/0/1.0;
from-zone trust to-zone Internet {
policy All_trust_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
security-zone trust {
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
st0.1 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
st0.2 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
ge-0/0/2.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
security-zone Internet {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
ike;
ping;
ssh;
https;
}
protocols {
bgp;
}
interfaces {
ge-0/0/0 {
unit 0 {
description "Internet connection";
family inet {
address x.y.z.a/8;
}
}
}
ge-0/0/1 {
unit 0 {
description "LAN Intranet";
family inet {
address 192.168.1.1/21;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop x.y.z.b;
address-assignment {
pool xyz-pool {
family inet {
network 192.168.0.0/21;
range xyz-net-default-range {
low 192.168.2.0;
high 192.168.4.254;
}
dhcp-attributes {
domain-name xyz.local;
name-server {
192.168.1.1;
1.1.1.1;
1.0.0.1;
}
router {
192.168.1.1;
}
boot-file ipxe.efi;
boot-server 192.168.1.9;
tftp-server 192.168.1.9;
propagate-settings ge-0/0/1.0;
}
}
}