vSRX


Ask questions and share experiences with vSRX Virtual Firewall deployments and how to scale firewall protection.

Local DNS lookup fails - I feel like this is a bug?


    Posted 06-15-2021 18:25
    • I've got external DNS servers listed under name-server.

    • I've got DNS allowed in the WAN security zone.

    • I am trying to ping an FQDN via an EXTERNAL IP address from the CLI, and the DNS lookup fails.

    The WAN zone is in the default instance and I can ping the DNS server using the same IP address / interface I am querying the DNS from.

    i.e., ping reddit.com source 1.2.3.4 (fails)

    i.e., ping 8.8.8.8 source 1.2.3.4 (pings returned from this IP)

    Am I going crazy?

    edit: I've got the "source-address" bit on the name-server configuration as well, same problem.

    No "junos-host" policies configured, so the junos-host permit-all should still be in effect.

    No NAT configured either. Any thoughts?

    Below is config. 



    time-zone US/Eastern;
    name-server {
        8.8.4.4 source-address x.x.x.x/x;
        8.8.8.8 source-address x.x.x.x/x;
    }
    
    
    
    amnesiac# show security zones security-zone WAN
    host-inbound-traffic {
        system-services {
            ping;
            ike;
            dns;
        }
    }
    interfaces {
        reth0.x;
    }
    
    
    amnesiac# show security policies from-zone WAN to-zone WAN
    policy Permit-All {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
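
A way to narrow down where the lookup is failing, added here as an illustration and not part of the original post or Juniper's documentation. It assumes the WAN interface is reth0.0 and the source address is 1.2.3.4 (both placeholders standing in for the redacted reth0.x and x.x.x.x in the post); substitute the real values. The `#` lines are annotations for the reader, not Junos syntax.

```junos
# 1. Confirm what resolver the routing engine is actually using
user@srx> show configuration system name-server

# 2. Test name resolution on its own, without ping in the way
user@srx> show host reddit.com

# 3. Confirm plain reachability of the resolver from the same source address
user@srx> ping 8.8.8.8 source 1.2.3.4 count 3

# 4. Confirm the resolver is reached through inet.0 and leaves via the WAN interface
user@srx> show route 8.8.8.8

# 5. Watch whether DNS queries leave the box and whether answers come back
#    (run this in one session, then repeat step 2 in another)
user@srx> monitor traffic interface reth0.0 matching "udp port 53" no-resolve

# 6. Check whether the flow module created a session for the self-originated query
user@srx> show security flow session destination-port 53
```

Reading the results: if step 2 fails while step 3 succeeds, the problem is in the resolver path rather than general reachability. Step 5 then splits the remaining cases: no query on the wire means the routing engine never sent one (look again at the name-server source-address and the route in step 4); a query with no reply means the answer is being dropped upstream or on the way back in; a query with a reply that still fails step 2 points at the device's handling of the response. One caveat worth keeping in mind while interpreting step 6: the `dns` entry under host-inbound-traffic system-services permits DNS traffic arriving at the SRX's own interfaces, so it is not by itself what decides whether queries the device originates succeed.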