vSRX


Local DNS look up fails - I feel like this is a bug?

    Posted 06-15-2021 18:25
    • I've got external DNS servers listed under name-server.

    • I've got DNS allowed in, in the WAN security zone.

    • I am trying to ping an FQDN via an EXTERNAL IP address from the CLI, and the DNS lookup fails.

    WAN zone is in the default instance and I can ping the DNS server using the same IP address / interface I am querying the DNS from.

    i.e., ping reddit.com source 1.2.3.4 (fails)

    i.e., ping 8.8.8.8 source 1.2.3.4 (pings returned from this IP)

    Am I going crazy?

    edit: I've got the "source-address" bit on the name-server configuration as well, same problem.

    No "junos-host" policies configured, so the junos-host permit all should still be in effect.

    No NAT configured either. Any thoughts?

    Below is the config.



    time-zone US/Eastern;
    name-server {
        8.8.4.4 source-address x.x.x.x/x;
        8.8.8.8 source-address x.x.x.x/x;
    }
    
    
    
    amnesiac# show security zones security-zone WAN
    host-inbound-traffic {
        system-services {
            ping;
            ike;
            dns;
        }
    }
    interfaces {
        reth0.x;
    }
    
    
    amnesiac# show security policies from-zone WAN to-zone WAN
    policy Permit-All {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }