As you note, it looks like only the default routing instance or a management routing instance can be the source interface for SRX DNS self traffic.
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dns-system-management.html
I don't think using a management instance will work for your normal transit traffic setup.
So another option would be to create a connection from the default routing instance into this LAN-HANDOFF instance for DNS server reachability. This could be done using logical tunnels between the instances or by leaking the necessary routes via rib groups. Naturally, you also have to be careful not to create an undesired routing path, as you likely created the virtual router separation for a reason.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
------------------------------
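The rib-group variant of the workaround described in the reply above, as an added example that is not part of the thread or of Juniper's documentation. It assumes LAN-HANDOFF already holds a static default route to the ISP (the route that makes 8.8.8.8 reachable there), that lo0.0 in the default instance carries the hypothetical address 192.0.2.1/32, and uses made-up rib-group and policy names; adjust to the real topology before committing:

```junos
# Added example, not from the original thread. Assumptions: LAN-HANDOFF has a
# static default route to the ISP, lo0.0 (default instance) is 192.0.2.1/32
# (hypothetical), and the rib-group / policy names are invented.

# 1. The resolver stays in the default instance, since name-server only
#    accepts mgmt_junos as a routing-instance. Self traffic is sourced from
#    lo0.0 so a single, leakable host route identifies the SRX.
set system name-server 8.8.8.8
set system default-address-selection
set interfaces lo0 unit 0 family inet address 192.0.2.1/32

# 2. Leak only the default route from LAN-HANDOFF.inet.0 into inet.0.
#    The first import-rib is the table the routes originate in; the
#    import-policy keeps every other LAN-HANDOFF route out of inet.0.
set policy-options policy-statement LEAK-DEFAULT-ONLY term DEFAULT from route-filter 0.0.0.0/0 exact
set policy-options policy-statement LEAK-DEFAULT-ONLY term DEFAULT then accept
set policy-options policy-statement LEAK-DEFAULT-ONLY term OTHER then reject
set routing-options rib-groups LAN-TO-DEFAULT import-rib LAN-HANDOFF.inet.0
set routing-options rib-groups LAN-TO-DEFAULT import-rib inet.0
set routing-options rib-groups LAN-TO-DEFAULT import-policy LEAK-DEFAULT-ONLY
set routing-instances LAN-HANDOFF routing-options static rib-group LAN-TO-DEFAULT

# 3. Leak the lo0.0 host route the other way. Replies from 8.8.8.8 arrive on a
#    LAN-HANDOFF interface and are looked up in LAN-HANDOFF.inet.0, which must
#    know how to reach the query's source address or the replies are dropped.
set policy-options policy-statement LEAK-LO0-ONLY term LO0 from route-filter 192.0.2.1/32 exact
set policy-options policy-statement LEAK-LO0-ONLY term LO0 then accept
set policy-options policy-statement LEAK-LO0-ONLY term OTHER then reject
set routing-options rib-groups DEFAULT-TO-LAN import-rib inet.0
set routing-options rib-groups DEFAULT-TO-LAN import-rib LAN-HANDOFF.inet.0
set routing-options rib-groups DEFAULT-TO-LAN import-policy LEAK-LO0-ONLY
set routing-options interface-routes rib-group inet DEFAULT-TO-LAN
```

After committing, `show route table inet.0 8.8.8.8` should resolve to the leaked default route and `show route table LAN-HANDOFF.inet.0 192.0.2.1/32` should show the lo0 host route; `show host www.google.co.uk` then exercises the resolver on the routing engine. The two import policies are the part that protects the separation: a rib-group with no import-policy copies every route from the first import-rib into the others, which would recreate the transit path the virtual router was built to prevent. On an SRX, lo0.0 also needs to sit in a security zone so it can source flow traffic, and `show security flow session destination-port 53` confirms the DNS session once the leak is in place.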
Original Message:
Sent: 01-30-2021 09:23
From: Unknown User
Subject: DNS name-server in a routing instance
I also tried forwarding DNS queries for all traffic coming from the specified interface and matched clients, using DNS proxy:
set system services dns dns-proxy interface ge-0/0/2.0
set system services dns dns-proxy view INET match-clients 172.20.1.0/24
set system services dns dns-proxy view INET domain * forwarders 8.8.8.8
set system services dns dns-proxy view INET domain * forwarders 8.4.4.4
ge-0/0/2.0 and 172.20.1.0/24 belong in the LAN-HANDOFF routing-instance and they have a route to 8.8.8.8:
ping routing-instance LAN-HANDOFF 8.8.8.8 source 172.20.1.1
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=115 time=12.211 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=12.343 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=12.468 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 12.211/12.341/12.468/0.105 ms
However, DNS is not working:
ping routing-instance LAN-HANDOFF inet www.google.co.uk source 172.20.1.1
ping: cannot resolve www.google.co.uk: Host name lookup failure
Is DNS proxy supported in routing-instances?
Original Message:
Sent: 01-29-2021 18:27
From: Unknown User
Subject: DNS name-server in a routing instance
Is there a way to specify a name-server within a virtual-router routing instance and source it from said routing instance? When I try to commit this type of configuration I get an error stating "mgmt_junos instance can only be configured with DNS". If this is the case, is there a workaround, such as DNS proxy?
My requirement is to provide DNS for my LAN routing instance that has connectivity to the internet and the source address is in this routing instance.
Example:
set system name-server 8.8.8.8 routing-instance LAN-HANDOFF
error: routing-instance: 'LAN-HANDOFF': Only routing-instance supported is mgmt_junos