
Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Local DNS look up fails - I feel like this is a bug?

    Posted 06-15-2021 18:25
    • I've got external DNS servers listed under name server.

    • I've got DNS allowed in the WAN security zone.

    • I am trying to ping an FQDN via an EXTERNAL IP address from the CLI, and the DNS lookup fails.

    WAN zone is in the default instance and I can ping the DNS server using the same IP address / interface I am querying the DNS from.

    ie, ping source (fails)

    ie, ping source (Pings returned from this IP)

    Am I going crazy?

    edit: I've got the "source-address" bit on the name-server configuration as well, same problem.

    No "junos-host" policies configured, so the junos-host permit all should still be in effect.

    No NAT configured either. Any thoughts?

    Below is the config.

    time-zone US/Eastern;
    name-server { source-address x.x.x.x/x; source-address x.x.x.x/x;
    amnesiac# show security zones security-zone WAN
    host-inbound-traffic {
        system-services {
    interfaces {
    amnesiac# show security policies from-zone WAN to-zone WAN
    policy Permit-All {
        match {
            source-address any;
            destination-address any;
            application any;
        then {