Just some niggly results from testing. I have the following setup:
DNS (192.168.1.1/29) --> (192.168.1.2/29) SRX (192.168.100.1/30) --> (192.168.100.2/30) Core1 (172.16.16.1/30) --> (172.16.16.2/30) BGP
So, here is the result of the ping test from the BGP router:
Ping to 172.16.16.1 - Success
Ping to 192.168.100.2 - Success
Ping to 192.168.100.1 - Success
Ping to 192.168.1.2 - Success
Ping to 192.168.1.1 - Failure
Yet, if I ping all those addresses from the Core1 router, they are all available. Now, at first I thought it could be an address issue or a filter on the core, but it can't be. If the BGP can ping the SRX address and receive a response, it should also be able to ping the DNS interface and receive a response because it is on the same network.
Any help would be greatly appreciated.
From the SRX address (Facing the DNS) and routing-instance ninegroup-dns, I can ping the BGP router interface.... I cannot test from the DNS server itself as the systems guy is currently off sick.....
The traceroute to both addresses seems fine..... although to the SRX it gets as far as the Logical Tunnel interface and then stops... but that's weird because it uses the same route to get to the physical interface facing the DNS....
Yes, I can get him to give it a try..... but from an anycast perspective it utilises IS-IS and is being advertised as it should be. There is a static route on the SRX to the DNS Server for the Anycast and that is re-distributed into IS-IS.
I will ask him.... I'll let you know the results.
Problem resolved and now working. I cannot tell you the exact details as it involves our public IP addressing, but safe to say the internal network was allowed and external not. So I changed the BGP peering to be in the internal range and it all started working.
Not being able to see the DNS configuration did not help.