SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  DNS Proxy send zone over VPN

    Posted 06-13-2013 18:50

    Hi All,

    So 12.1X44 includes a DNS proxy which is a very nice feature to finally have.

    I have a requirement where I want to route specific DNS zones over a VPN connection.

    For example, forward example.com to 192.168.2.2 (which is on the other side of a route-based VPN).

    I can use the DNS proxy to route specific DNS zones to a local DNS server, but not over a VPN.

    Something like:

    dns {
        dns-proxy {
            interface {
                vlan.0;
            }
            default-domain * {
                forwarders {
                    192.231.203.132;
                    192.231.203.3;
                }
            }
            default-domain example.local {
                forwarders {
                    10.0.0.5; //local ip works
                }
            }
            default-domain example2.local {
                forwarders {
                    192.168.2.2; //remote ip over VPN doesn't
                }
            }
        }
    }

  • 2.  RE: DNS Proxy send zone over VPN
    Best Answer

    Posted 06-14-2013 05:02

    Hi mwdmeyer,

    I've got this exact set-up running at one of my sites. You need to put your example.com config into a "view", e.g.:

    dns-proxy {
        interface {
            vlan.0;
        }
        default-domain example.local {
            forwarders {
                10.0.0.5;
            }
        }
        view EXAMPLE2 {
            match-clients 10.0.0.0/24;
            domain example2.local {
                forwarders {
                    192.168.2.2;
                }
            }
        }                                   
    }

    plus your wildcard entry.



  • 3.  RE: DNS Proxy send zone over VPN

    Posted 06-14-2013 05:35

    Thanks for the reply, sounds promising!

    Unfortunately I cannot make it work.

    interface {
        vlan.0;
    }
    default-domain * {
        forwarders {
            192.231.203.132;
            192.231.203.3;
        }
    }
    default-domain dalegroup.local {
        forwarders {
            10.0.0.5;
        }
    }
    cache {
        unifi inet 103.24.132.36;
    }
    view remote {
        match-clients 10.0.0.0/22;
        domain remote.local {
            forwarders {
                192.168.2.2;
            }
        }
        domain * {
            forwarders {
                192.231.203.132;
                192.231.203.3;
            }
        }
    }

    Do I need to make any other changes? I also cleared the SRX DNS cache and tried a commit full.



  • 4.  RE: DNS Proxy send zone over VPN

    Posted 06-14-2013 16:43
    I don't have the wildcard configured under the view, I wonder if that is catching your queries?


  • 5.  RE: DNS Proxy send zone over VPN

    Posted 06-14-2013 19:46

    Thanks Ben,

    I got it working. I removed the wildcard config, but that wasn't the issue.

    For some reason the specific DNS server I was pointing to wasn't responding to the SRX, even though local clients can query it. Must be some odd config somewhere.

    Tested with another remote site and it works great. So the config above is correct (excluding the wildcard in the view).

    Thanks again, this feature will be very useful!
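
Added example (not part of the thread and not Juniper code): the failure found in post 5, a forwarder that does not answer, can be checked per zone by sending each forwarder a direct SOA query. The zone-to-forwarder map is copied from the config in post 3; the function names are illustrative, and the result only reflects reachability from the host that runs the script, not from the SRX itself.

```python
import socket
import struct

# Zone -> forwarders, copied from the dns-proxy config posted in the thread.
FORWARDERS = {"dalegroup.local": ["10.0.0.5"], "remote.local": ["192.168.2.2"]}

def build_query(name, qid=0x1234, qtype=6):
    """Encode a recursive DNS query (RFC 1035); qtype 6 = SOA, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_reply(data, qid):
    """Return (rcode, answer_count), or None if data is not a reply to qid."""
    if len(data) < 12:
        return None
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # ID mismatch or QR bit clear
        return None
    return flags & 0x000F, answers

def probe(server, zone, timeout=2.0, qid=0x1234):
    """Send one UDP query to server:53 and describe what came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(zone, qid), (server, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no reply (timeout)"
        except OSError as exc:
            return f"socket error: {exc}"
    reply = parse_reply(data, qid)
    if reply is None:
        return "malformed or mismatched reply"
    # Any rcode, even NXDOMAIN (3) or REFUSED (5), proves the server answers.
    return f"answered: rcode={reply[0]} answers={reply[1]}"

if __name__ == "__main__":
    for zone, servers in FORWARDERS.items():
        for server in servers:
            print(f"{zone:<18} via {server:<15} {probe(server, zone)}")
```

A timeout for one forwarder while the others answer points at the path or the server's access rules rather than at the dns-proxy stanza.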