SRX Services Gateway
Reply
Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
0
Accepted Solution

How to configure SRX device as DDNS client and Destination NAT on Dynamic Untrut IP?

Hi Experts

 

Can any one give me step by step configuration commands for configuring SRX as DDNS client? Also like netscreen can we do the destination NAT on the dynamic IP address on the untrust interface through its FQDN?

 

Thanks

Visitor
nicol
Posts: 8
Registered: ‎11-02-2011
0

Re: How to configure SRX device as DDNS client and Destination NAT on Dynamic Untrut IP?

download http://forums.juniper.net/jnet/attachments/jnet/junos-automation/392/1/dyn-dns-update.xslt.zip

upload  /var/db/scripts/event/

 

set system services apply-macro dyndns-client1 hostname XXXX.3322.org
set system services apply-macro dyndns-client1 password XXXX
set system services apply-macro dyndns-client1 type 3322
set system services apply-macro dyndns-client1 username XXXX


set event-options policy dyn-dns-updater events SYSTEM
set event-options policy dyn-dns-updater attributes-match SYSTEM.message matches "EVENT Add"
set event-options policy dyn-dns-updater then event-script dyn-dns-update.xslt
set event-options event-script file dyn-dns-update.xslt

 

The format of the update message is different from server to server. This script accepts the following most common ones:

    dyndns
    dtdns
    dnspark
    3222
    no-ip
    dns-o-matic
    everydns
    changeip
    freedns (more on this one later)
    dnsexit

Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
0

Re: How to configure SRX device as DDNS client and Destination NAT on Dynamic Untrut IP?

Hi nicol

 

Thanks for the reply. Just few quesitons:

 

1- What is 3322 in the command "set system services apply-macro dyndns-client1 type 3322" If I am using the dyndns then should I need to specify "set system services apply-macro dyndns-client1 type dyndns" ????

 

2- In the configuration, you provided, we did not specify the ADSL interface anywhere in the configuration?

 

Thanks

Visitor
riazjo
Posts: 4
Registered: ‎02-20-2013
0

Re: How to configure SRX device as DDNS client and Destination NAT on Dynamic Untrut IP?

Hi Nicol,

 

Did you manage to get it working with freedns.afraid.org?

Contributor
gaurav.gosain
Posts: 20
Registered: ‎01-30-2014
0

Re: How to configure SRX device as DDNS client and Destination NAT on Dynamic Untrut IP?

gauravg@srx-a# run show system services dynamic-dns client
node0:
--------------------------------------------------------------------------
warning: named-service subsystem not running - not needed by configuration.

 

 

set system services apply-macro dyndns-client1 hostname xx.freedns.afraid.org
set system services apply-macro dyndns-client1 password dynamicdns
set system services apply-macro dyndns-client1 type dns-o-matic
set system services apply-macro dyndns-client1 username "x.x@xxxxx.com"

 

freedns link is added to the dns-0-matic and comes active 

 

script is uploaded and relevant config as well . still cant get the ddns working 


nicol wrote:

download http://forums.juniper.net/jnet/attachments/jnet/junos-automation/392/1/dyn-dns-update.xslt.zip

upload  /var/db/scripts/event/

 

set system services apply-macro dyndns-client1 hostname XXXX.3322.org
set system services apply-macro dyndns-client1 password XXXX
set system services apply-macro dyndns-client1 type 3322
set system services apply-macro dyndns-client1 username XXXX


set event-options policy dyn-dns-updater events SYSTEM
set event-options policy dyn-dns-updater attributes-match SYSTEM.message matches "EVENT Add"
set event-options policy dyn-dns-updater then event-script dyn-dns-update.xslt
set event-options event-script file dyn-dns-update.xslt

 

The format of the update message is different from server to server. This script accepts the following most common ones:

    dyndns
    dtdns
    dnspark
    3222
    no-ip
    dns-o-matic
    everydns
    changeip
    freedns (more on this one later)
    dnsexit


 

gosain
Distinguished Expert
spuluka
Posts: 2,815
Registered: ‎03-30-2009
0

Re: How to configure SRX device as DDNS client and Destination NAT on Dynamic Untrut IP?

DDNS is now a supported feature in Junos itself with scripting no longer needed.  This was added with Junos 12.1x44D10

 

http://www.juniper.net/techpubs/en_US/junos12.1x45/topics/reference/command-summary/Show-system-serv...

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB28971

Steve Puluka BSEET
Juniper Ambassador
Expert Network Security Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
ACE PanOS 6
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Contributor
gaurav.gosain
Posts: 20
Registered: ‎01-30-2014
0

Re: How to configure SRX device as DDNS client and Destination NAT on Dynamic Untrut IP?

hi Spuluka

 

i have tried that  on 12.1x44D10 but only "dyndns" and "ddo" are valid opttion . Dyndns has changed from free services to paid .  I have tried to use the dns-o-matic and freedns.afraid.org account but no luck . 

 

 

I am running srx behind a adsl router for ipsec tunnel ( based on hostname / fqdn) . i have  configured the dhcp address at wan interface facing adsl router.  I want to monitor the srx using the dyndns account  so i know tunnels are dropping when internet drop or they get dropped even if internet was alive. 

 

Is there another way for using dyndns without the given options . 

 

thanks 

 

gosain
Visitor
mrjaylewis
Posts: 4
Registered: ‎12-14-2014
0

Re: How to configure SRX device as DDNS client and Destination NAT on Dynamic Untrut IP?

[ Edited ]

Just in case anyone wants to get the script working with a freedns direct update url instead of updating freedns through a dnsomatic account...

 

script goes in /var/db/scripts/event/ like the instructions say.

 

The event-options part is just like everyone else says, and it goes in the base of the heirarchy:

 

event-options {
    policy dyn-dns-updater {
        events SYSTEM;
        attributes-match {
            SYSTEM.message matches "EVENT Add";
        }
        then {
            event-script dyn-dns-update.xslt;
        }
    }
    event-script {
        file dyn-dns-update.xslt;
    }
}

 

And the freedns part that works for me looks like this, just the type and url parameters are all that's needed, and you can even use https instead of the http direct urls that freedns gives you:

 

under the system / services heirarchy:

       

       apply-macro dyndns-client1 {
            type freedns;
            url "https://freedns.afraid.org/dynamic/update.php?<the secret part>";
        }

 

To test it, just disable/commit enable/commit your outside dhcp interface.  And if you have ppoe then see some other threads about the script to make sure you match the correct message.

 

And FYI, the script seems to only log "ERROR: Address xxx.xxx.xxx.xxx has not changed." in the dyndns.log file.  Looks like there may be missing logic to log the actual result but I haven't dug into it yet.  Maybe someone can post an updated version of the script that logs freedns correctly?

 

Oh, and I'm doing this on a J2320, not an SRX...

 

Jay.

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.