SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Dynamic DNS Registration Problems

    Posted 12-12-2014 18:06

    Hi everyone,

    We recently merged with another company, and are changing the way our networks connect. Not going into great detail, I'll just get straight to the problem:

    We have a location behind an SRX650, and dynamic DNS registration refuses to work properly. The DNS server, which is on a different network, does not get any DNS updates from this location. All of our other locations that have SRX210s behind them (but don't have any firewall rules) have no problems. This has ALWAYS been the problem since I started working here the last couple of years. The interface that leads to the network containing the DNS server is part of the trust group, and anything going from trust to trust has a rule that allows any, any, any. I added explicit DNS allow rules just to be sure - but that had no effect. All these machines have been re-imaged, and all have the same group policy settings. I'm 100% sure that it's the SRX blocking some kind of traffic - but the rules look right.

    What am I missing?

    Thanks for any input.



  • 2.  RE: Dynamic DNS Registration Problems

    Posted 12-12-2014 18:07

    I forgot to mention that all the machines receive IP/DNS info from a DHCP server - not the router.



  • 3.  RE: Dynamic DNS Registration Problems
    Best Answer

    Posted 12-13-2014 04:54
    The DNS ALG may be blocking DDNS updates. Unless you need the ALG, try disabling it, or create a custom application for that traffic which doesn't use the ALG.


  • 4.  RE: Dynamic DNS Registration Problems

    Posted 12-15-2014 12:33

    Don't think this applies to me - I'm not worried about getting DNS updates from services out on the web, this is all internal. Going from trust-to-trust. I'm referring to Dynamic DNS registration on our Windows PC. When a PC connects to our network, it should reach out to the DNS server and initiate an update on our server (or create a record). This is all internal. On a side note - DNS ALG is enabled.

    I just got through looking at our syslogs on the SRX650, and find no place where DNS traffic is being blocked, except on some of our other untrust ports.

    Still very stumped.



  • 5.  RE: Dynamic DNS Registration Problems

    Posted 12-15-2014 15:01

    I stand corrected, disabling DNS ALG worked! I can't believe this whole time it was that simple...


    I'm going to do what you suggested and make a custom application with DNS ALG disabled. Sounds like we want it enabled if it's possible...
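
The two options from the accepted answer, written out as Junos set commands. This is an added example, not configuration posted by anyone in the thread; the application names, policy names and the 192.0.2.53 server address are placeholders, and it assumes the device uses the global address book.

```junos
# Constructed example. Names and addresses below are placeholders.
# Enter these in configuration mode on the SRX.

# Option 1: turn the DNS ALG off for the whole device.
set security alg dns disable

# Option 2: leave the DNS ALG enabled globally, and match DNS traffic to
# the internal server with custom applications that skip ALG processing.
# "application-protocol ignore" tells the SRX not to hand the flow to an ALG.
set applications application dns-udp-no-alg protocol udp
set applications application dns-udp-no-alg destination-port 53
set applications application dns-udp-no-alg application-protocol ignore
set applications application dns-tcp-no-alg protocol tcp
set applications application dns-tcp-no-alg destination-port 53
set applications application dns-tcp-no-alg application-protocol ignore

# Placeholder address for the internal DNS server (assumes global address book).
set security address-book global address internal-dns 192.0.2.53/32

# Trust-to-trust policy that uses the custom applications.
set security policies from-zone trust to-zone trust policy ddns-no-alg match source-address any
set security policies from-zone trust to-zone trust policy ddns-no-alg match destination-address internal-dns
set security policies from-zone trust to-zone trust policy ddns-no-alg match application [ dns-udp-no-alg dns-tcp-no-alg ]
set security policies from-zone trust to-zone trust policy ddns-no-alg then permit

# Policies are evaluated top-down, so the new policy has to sit above the
# existing any/any/any rule. TRUST-ANY-ANY is a placeholder for that rule's name.
insert security policies from-zone trust to-zone trust policy ddns-no-alg before policy TRUST-ANY-ANY

commit check
commit

# Verification, from operational mode:
#   show security alg status
#   show security flow session destination-port 53
#   show security policies from-zone trust to-zone trust
```

Sessions that were already established keep the handling they were created with, so verify with a fresh registration attempt from a client after the commit.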