SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  DNS proxy on SRX device

    Posted 07-20-2021 00:08
    Hi,

    Do we need to configure a sub-domain name in dns-proxy forwarders statement?

    Example:

    domain 1 - example.com
    domain 2- blog.example.com

    SRX configuration:

    set system services dns dns-proxy default-domain example.com forwarders "dns server IP"

    Do I need a separate statement for 'blog.example.com'? OR it can be covered by the above statement?

    Thanks.


  • 2.  RE: DNS proxy on SRX device

    Posted 07-20-2021 00:28
    It isnt required. But it depends on your ISP. Double DNS is a common scenario. YES, but you can use a wildcard too. If you have your own DNS servers, YES. The most
    common wildcard is * . Dont know if there are others. I bet *.example.com will work, etc. Split dns must be set properly.

    ------------------------------
    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)
    ------------------------------



  • 3.  RE: DNS proxy on SRX device

    Posted 07-20-2021 03:07
    Hi Adrian,

    Thanks for the reply.

    Yes, set system services dns dns-proxy default-domain *.example.com forwarders <dns IP> didn't work. 
    error: domain-name: '*.example.com': Must be a valid domain-name
    error: statement creation failed: default-domain

    So, in this case, I have to use a separate statement:

    set system services dns dns-proxy default-domain *.example.com forwarders <dns IP>
    set system services dns dns-proxy default-domain blog.example.com forwarders <dns IP>

    Is there any way to use multiple dns IPs for local query, for example: set system services dns dns-proxy default-domain *.example.com forwarders <dns IP> <dns IP>. So if the first one is not available then it can use second dns IP something like that... I submitted the command with two dns IPs but it is throwing me an error, not accepting two dns IPs.

    This is for the local queries.


  • 4.  RE: DNS proxy on SRX device

    Posted 07-20-2021 05:12
    In the srx the pointer to an fqdn is in dns proxy, but it is also in the address book.

    So,
    set system services dns dns-proxy default-domain blog.example.com

    And,
    set system Services DNS dns-proxy default-domain *

    Then you would use address book, address-set .
    Also address book dns-name.

    Dont forget address book entries for blog too.

    And for that matter all your dns, isp and all.

    What's more the subsystem should not be
    handling your isp dns. Which is a seperate
    matter.

    ------------------------------
    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)
    ------------------------------



  • 5.  RE: DNS proxy on SRX device

    Posted 07-20-2021 20:45
    I hope I helped...

    CP1 , happy hunting...
    😀

    ------------------------------
    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)
    ------------------------------