I actually got the same issue, or a similar one.
The DNS we want to use is in the trust-vr (not the default VR).
Right now the first issue is getting the route into the trust-vr, as the default vr already routes to the DNS servers using the trust-vr table.
As you suggested I have also considered moving it all back to the default vr, but I would actually like to try to nail this one.
I managed to solve an issue where the DNS server was external and there was default vr and an untrust-vr defined but using the import policy for the untrust-vr matching the interface of the srx in the default vr.
In the current situation there are several interfaces in the default: a guest zone, the fxp interfaces and a lo0 interface I defined.
# show routing-options
static {
    route 0.0.0.0/0 next-table untrust-vr.inet.0;
    route 10.23.0.0/16 next-table trust-vr.inet.0;
}
# show routing-instances
trust-vr {
    instance-type virtual-router;
    interface reth1.2;
    interface reth1.3;
    interface reth1.4;
    interface reth1.6;
    interface reth1.7;
    interface reth1.16;
    interface reth1.255;
    interface reth2.2572;
    interface reth2.2573;
    interface reth2.2574;
    interface reth2.2575;
    interface reth3.0;
    interface reth4.30;
    routing-options {
        static {
            route 10.32.0.0/16 next-hop 10.32.7.1;
            route 10.33.0.0/16 next-hop 10.33.7.1;
            route 10.34.0.0/16 next-hop 10.34.7.1;
            route 10.35.0.0/16 next-hop 10.35.7.1;
            route 0.0.0.0/0 {
                next-table untrust-vr.inet.0;
                preference 20;
            }
            route 10.0.0.0/8 next-hop [ 10.24.255.254 10.24.254.254 ];
            route 192.168.3.0/24 next-hop 10.24.255.254;
            route 10.213.5.34/32 next-hop 10.34.7.1;
        }
        instance-import imp-lo0;
        auto-export {
            disable;
        }
    }
    protocols {
        pim {
            rp {
                static {
                    address 10.24.239.254;
                }
            }
            interface reth3.0;
            interface reth4.30;
        }
    }
}
# run show route
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 06:06:36
to table untrust-vr.inet.0
10.23.0.0/16 *[Static/5] 06:06:36
to table trust-vr.inet.0
10.24.0.3/32 *[Direct/0] 06:06:36
> via lo0.0
10.24.250.0/24 *[Direct/0] 06:06:36
> via fxp0.0
10.24.250.3/32 *[Local/0] 06:06:36
Local via fxp0.0
172.16.64.0/24 *[Direct/0] 06:00:21
> via reth1.64
172.16.64.1/32 *[Local/0] 06:06:36
Local via reth1.64
224.0.0.22/32 *[IGMP/0] 06:06:35
MultiRecv
trust-vr.inet.0: 44 destinations, 45 routes (44 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/20] 06:06:36
to table untrust-vr.inet.0
10.0.0.0/8 *[Static/5] 06:00:21
to 10.24.254.254 via reth3.0
> to 10.24.255.254 via reth1.255
10.24.254.0/24 *[Direct/0] 05:57:35
> via reth3.0
10.24.254.4/32 *[Local/0] 06:06:35
Local via reth3.0
10.24.255.0/24 *[Direct/0] 06:00:21
> via reth1.255
10.24.255.3/32 *[Local/0] 06:06:35
Local via reth1.255
10.32.0.0/16 *[Static/5] 06:04:02
> to 10.32.7.1 via reth2.2572
10.32.7.0/24 *[Direct/0] 06:04:02
> via reth2.2572
10.32.7.5/32 *[Local/0] 06:06:35
Local via reth2.2572
10.32.7.22/32 *[Static/1] 06:06:32
Discard
10.32.7.23/32 *[Static/1] 06:06:32
Discard
10.32.7.24/32 *[Static/1] 06:06:32
Discard
10.32.7.100/32 *[Static/1] 06:06:32
Discard
10.32.7.121/32 *[Static/1] 06:06:32
Discard
10.33.0.0/16 *[Static/5] 06:04:02
> to 10.33.7.1 via reth2.2573
10.33.7.0/24 *[Direct/0] 06:04:02
> via reth2.2573
10.33.7.5/32 *[Local/0] 06:06:35
Local via reth2.2573
10.33.7.100/31 *[Static/1] 06:06:32
Discard
10.33.7.121/32 *[Static/1] 06:06:32
Discard
10.34.0.0/16 *[Static/5] 06:04:02
> to 10.34.7.1 via reth2.2574
10.34.7.0/24 *[Direct/0] 06:04:02
> via reth2.2574
10.34.7.5/32 *[Local/0] 06:06:35
Local via reth2.2574
10.34.7.254/32 *[Static/1] 06:06:32
Discard
10.35.0.0/16 *[Static/5] 06:04:02
> to 10.35.7.1 via reth2.2575
10.35.7.0/24 *[Direct/0] 06:04:02
> via reth2.2575
10.35.7.5/32 *[Local/0] 06:06:35
Local via reth2.2575
10.213.5.34/32 *[Static/5] 06:04:02
> to 10.34.7.1 via reth2.2574
172.16.1.0/24 *[Direct/0] 06:00:21
> via reth1.16
172.16.1.1/32 *[Local/0] 06:06:35
Local via reth1.16
172.16.2.0/29 *[Direct/0] 06:00:21
> via reth1.2
172.16.2.1/32 *[Local/0] 06:06:35
Local via reth1.2
172.16.2.8/29 *[Direct/0] 06:00:21
> via reth1.3
172.16.2.9/32 *[Local/0] 06:06:35
Local via reth1.3
172.16.2.16/29 *[Direct/0] 06:00:21
> via reth1.4
172.16.2.17/32 *[Local/0] 06:06:35
Local via reth1.4
172.16.2.32/27 *[Direct/0] 06:00:21
> via reth1.6
172.16.2.33/32 *[Local/0] 06:06:35
Local via reth1.6
172.16.2.64/29 *[Direct/0] 06:00:21
> via reth1.7
172.16.2.65/32 *[Local/0] 06:06:35
Local via reth1.7
192.168.3.0/24 *[Direct/0] 06:03:54
> via reth4.30
[Static/5] 06:00:21
> to 10.24.255.254 via reth1.255
192.168.3.2/32 *[Local/0] 06:06:35
Local via reth4.30
224.0.0.2/32 *[PIM/0] 06:06:37
MultiRecv
224.0.0.13/32 *[PIM/0] 06:06:37
MultiRecv
224.0.0.22/32 *[IGMP/0] 06:03:54
MultiRecv
---------------------------
Any hints on how to resolve DNS from the default vr to untrust-vr? 🙂
The DNS servers are in the 10.23.0.0/24 network.
Cheers
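
An added example, not part of the original post: a longest-prefix-match trace over a subset of the routes shown in the `show route` output above, following `next-table` entries from one table to the next. The DNS address 10.23.0.10 is constructed, and treating lo0 (10.24.0.3) as the query source is an assumption the post does not state.

```python
import ipaddress

# Subset of the active routes from the post's `show route` output.
TABLES = {
    "inet.0": {
        "0.0.0.0/0": ("table", "untrust-vr.inet.0"),
        "10.23.0.0/16": ("table", "trust-vr.inet.0"),
        "10.24.0.3/32": ("direct", "lo0.0"),
        "10.24.250.0/24": ("direct", "fxp0.0"),
        "172.16.64.0/24": ("direct", "reth1.64"),
    },
    "trust-vr.inet.0": {
        "0.0.0.0/0": ("table", "untrust-vr.inet.0"),
        "10.0.0.0/8": ("next-hop", "10.24.255.254 via reth1.255"),
        "10.24.254.0/24": ("direct", "reth3.0"),
        "10.24.255.0/24": ("direct", "reth1.255"),
        "10.32.0.0/16": ("next-hop", "10.32.7.1 via reth2.2572"),
    },
}

def lookup(table, dst):
    """Longest-prefix match of dst in one table: (prefix, kind, target)."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in TABLES[table]]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    kind, target = TABLES[table][str(best)]
    return str(best), kind, target

def trace(table, dst, max_hops=4):
    """Follow next-table routes until a forwarding decision is reached."""
    path = []
    for _ in range(max_hops):
        if table not in TABLES:          # e.g. untrust-vr.inet.0, not shown in the post
            path.append((table, None, "not shown", ""))
            break
        prefix, kind, target = lookup(table, dst)
        path.append((table, prefix, kind, target))
        if kind != "table":
            break
        table = target
    return path

if __name__ == "__main__":
    # Forward path: default VR to a (constructed) DNS server address.
    for hop in trace("inet.0", "10.23.0.10"):
        print("query ", hop)
    # Return path: trust-vr has no 10.24.0.3/32, so lo0 falls under 10.0.0.0/8.
    for hop in trace("trust-vr.inet.0", "10.24.0.3"):
        print("reply ", hop)
```

With the tables as posted, the reply toward 10.24.0.3 matches only 10.0.0.0/8 in trust-vr.inet.0, which is consistent with the lo0 route not yet appearing in trust-vr.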