SRX

 View Only
last person joined: 15 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Secure Connect DNS hairpining

  • 1.  Secure Connect DNS hairpining

    Posted 01-31-2022 05:32
    Good Morning 

    We are having more and more customers requesting this feature.  To only have DNS queries for any traffic for services protected by the tunnel. e.g
    local.me.com.au > via tunnel srx DNS and e.g. ww.google.com.au to be via the local machines DNS. This will get around issues with clients working on other networks with fqdn internal DNS zones matching external DNS zones not been able to access onlan services. I am aware that these customers can have NAT hairpining but we dont have control or any of these networks. So ANY DNS queries for *.me.com.au is forced over tunnel and any other zone e.g. apple.com, google.com is using the machines local DNS and not what is learnt via the Secure Connect client. We have a work around in place with the customer editing the lmhosts file which is really not a good idea
     
     
     
    Thanks Steve


    ------------------------------
    Steven Waite
    ------------------------------