- I've got external dns servers listed under name server.
- I've got DNS allowed in in the WAN security zone
- I am trying to ping an FQDN via an EXTERNAL ip address from the CLI, and the DNS lookup fails.
WAN zone is in the default instance and I can ping the dns server using the same ip address / interface I am querying the DNS from.
i.e., ping reddit.com source 1.2.3.4 (fails)
i.e., ping 8.8.8.8 source 1.2.3.4 (Pings returned from this IP)
Am I going crazy?
edit: I've got the "source-address" bit on the name-server configuration as well, same problem.
No "junos-host" policies configured, so the junos-host permit all should still be in effect.
No NAT configured either. Any thoughts?
Below is config.
time-zone US/Eastern;
name-server {
    8.8.4.4 source-address x.x.x.x/x;
    8.8.8.8 source-address x.x.x.x/x;
}

amnesiac# show security zones security-zone WAN
host-inbound-traffic {
    system-services {
        ping;
        ike;
        dns;
    }
}
interfaces {
    reth0.x;
}

amnesiac# show security policies from-zone WAN to-zone WAN
policy Permit-All {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit;
    }
}