SRX

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

DNS proxy on SRX device

  • 1.  DNS proxy on SRX device

    Posted 07-20-2021 00:08
    Hi,

    Do we need to configure a sub-domain name in dns-proxy forwarders statement?

    Example:

    domain 1 - example.com
    domain 2- blog.example.com

    SRX configuration:

    set system services dns dns-proxy default-domain example.com forwarders "dns server IP"

    Do I need a separate statement for 'blog.example.com'? OR it can be covered by the above statement?

    Thanks.


  • 2.  RE: DNS proxy on SRX device

    Posted 07-20-2021 00:28
    It isnt required. But it depends on your ISP. Double DNS is a common scenario. YES, but you can use a wildcard too. If you have your own DNS servers, YES. The most
    common wildcard is * . Dont know if there are others. I bet *.example.com will work, etc. Split dns must be set properly.

    ------------------------------
    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)
    ------------------------------



  • 3.  RE: DNS proxy on SRX device

    Posted 07-20-2021 03:07
    Hi Adrian,

    Thanks for the reply.

    Yes, set system services dns dns-proxy default-domain *.example.com forwarders <dns IP> didn't work. 
    error: domain-name: '*.example.com': Must be a valid domain-name
    error: statement creation failed: default-domain

    So, in this case, I have to use a separate statement:

    set system services dns dns-proxy default-domain *.example.com forwarders <dns IP>
    set system services dns dns-proxy default-domain blog.example.com forwarders <dns IP>

    Is there any way to use multiple dns IPs for local query, for example: set system services dns dns-proxy default-domain *.example.com forwarders <dns IP> <dns IP>. So if the first one is not available then it can use second dns IP something like that... I submitted the command with two dns IPs but it is throwing me an error, not accepting two dns IPs.

    This is for the local queries.


  • 4.  RE: DNS proxy on SRX device

    Posted 07-20-2021 05:12
    In the srx the pointer to an fqdn is in dns proxy, but it is also in the address book.

    So,
    set system services dns dns-proxy default-domain blog.example.com

    And,
    set system Services DNS dns-proxy default-domain *

    Then you would use address book, address-set .
    Also address book dns-name.

    Dont forget address book entries for blog too.

    And for that matter all your dns, isp and all.

    What's more the subsystem should not be
    handling your isp dns. Which is a seperate
    matter.

    ------------------------------
    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)
    ------------------------------



  • 5.  RE: DNS proxy on SRX device

    Posted 07-20-2021 20:45
    I hope I helped...

    CP1 , happy hunting...
    😀

    ------------------------------
    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)
    ------------------------------