SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Unknown DNS activity from SRX

    Posted 07-25-2013 02:58

    We have a chassis cluster with two SRX650 nodes. Recently I noticed unclear DNS activity from our system. At the moment there are 53 sessions in total, and 47 of them are DNS requests from the SRX to Juniper's DNS servers 208.67.222.222 and 208.67.220.220. When I issue "clear security flow session application dns", the sessions appear again. Has anyone faced this situation already? Please give me feedback. Here are some logs:

     

    Session ID: 15, Policy name: self-traffic-policy/1, State: Active, Timeout: 434, Valid
    In: X.X.X.X/65412 --> 208.67.220.220/53;udp, If: .local..0, Pkts: 0, Bytes: 0
    Out: 208.67.220.220/53 --> X.X.X.X/65412;udp, If: reth0.10, Pkts: 0, Bytes: 0

     

    Session ID: 19, Policy name: self-traffic-policy/1, State: Active, Timeout: 436, Valid
    In: X.X.X.X/60873 --> 208.67.222.222/53;udp, If: .local..0, Pkts: 0, Bytes: 0
    Out: 208.67.222.222/53 --> X.X.X.X/60873;udp, If: reth0.10, Pkts: 0, Bytes: 0

     

    where X.X.X.X is the real IP address of the SRX chassis cluster. Why are the packet and byte counts zero?

     

    Thanks to all!



  • 2.  RE: Unknown DNS activity from SRX

     
    Posted 07-25-2013 03:52

    The IP address that you are seeing is an OpenDNS IP.

     

    http://whois.domaintools.com/208.67.220.220

     

    Have you registered with OpenDNS, or is there a DNS record in your server for this IP?

    This is not an issue with the SRX, I reckon.

     

    Regards,

    Raveen



  • 3.  RE: Unknown DNS activity from SRX
    Best Answer

    Posted 07-25-2013 23:28

    Thank you for the answer! I have resolved this problem. I had a mistake in the configuration. Yesterday, before I noticed this DNS activity from the SRX, I installed an input filter on the outside interface to limit management access to the SRX. Thus, together with the restriction of management traffic, all remaining traffic was disabled as well. So the packet and byte counts were zero. When I removed the input filter, the DNS activity stopped.

    But now I know that the DNS servers registered in the default configuration are used by the SRX in the course of operation. Earlier I thought that they were registered for the convenience of the administrators who set up the SRX.
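
An added example, not part of the original thread: a small parser for session output in the format quoted in the first post, which counts device-originated sessions (In wing on `.local..0`) whose Out wing shows zero packets, the symptom described above. The sample text is constructed; `192.0.2.1` stands in for the masked X.X.X.X address, session 27 is an invented answered session, and reading the Out wing counter as "reply packets seen" is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the thread's format (192.0.2.1 replaces X.X.X.X;
# session 27 is an invented session that did receive a reply).
SAMPLE = """\
Session ID: 15, Policy name: self-traffic-policy/1, State: Active, Timeout: 434, Valid
  In: 192.0.2.1/65412 --> 208.67.220.220/53;udp, If: .local..0, Pkts: 0, Bytes: 0
  Out: 208.67.220.220/53 --> 192.0.2.1/65412;udp, If: reth0.10, Pkts: 0, Bytes: 0
Session ID: 19, Policy name: self-traffic-policy/1, State: Active, Timeout: 436, Valid
  In: 192.0.2.1/60873 --> 208.67.222.222/53;udp, If: .local..0, Pkts: 0, Bytes: 0
  Out: 208.67.222.222/53 --> 192.0.2.1/60873;udp, If: reth0.10, Pkts: 0, Bytes: 0
Session ID: 27, Policy name: self-traffic-policy/1, State: Active, Timeout: 58, Valid
  In: 192.0.2.1/51000 --> 208.67.222.222/53;udp, If: .local..0, Pkts: 1, Bytes: 60
  Out: 208.67.222.222/53 --> 192.0.2.1/51000;udp, If: reth0.10, Pkts: 1, Bytes: 120
"""

SESSION = re.compile(r"^\s*Session ID:\s+(\d+),")
WING = re.compile(
    r"^\s*(In|Out):\s+(\S+)/(\d+)\s+-->\s+(\S+)/(\d+);(\w+),\s+"
    r"If:\s+(\S+),\s+Pkts:\s+(\d+),\s+Bytes:\s+(\d+)")

def parse_sessions(text):
    """Return one dict per session with its 'in' and 'out' wings."""
    sessions, cur = [], None
    for line in text.splitlines():
        m = SESSION.match(line)
        if m:
            cur = {"id": int(m.group(1))}
            sessions.append(cur)
            continue
        m = WING.match(line)
        if m and cur is not None:
            wing, _, _, dst, dport, proto, ifname, pkts, _ = m.groups()
            cur[wing.lower()] = {"dst": dst, "dport": int(dport),
                                 "proto": proto, "if": ifname, "pkts": int(pkts)}
    return sessions

def unanswered_self_sessions(sessions):
    """Sessions opened by the device itself with no packets on the Out wing."""
    return [s for s in sessions if "in" in s and "out" in s
            and s["in"]["if"].startswith(".local.") and s["out"]["pkts"] == 0]

def summarize(text):
    """Count unanswered self-originated sessions per (dst, port, proto)."""
    hits = unanswered_self_sessions(parse_sessions(text))
    return Counter((s["in"]["dst"], s["in"]["dport"], s["in"]["proto"]) for s in hits)

if __name__ == "__main__":
    for (dst, port, proto), n in summarize(SAMPLE).most_common():
        print(f"{n} unanswered self-originated session(s) to {dst}:{port}/{proto}")
```

A count that climbs again after the sessions are cleared points at dropped return traffic, such as the input filter described in the last post, rather than at the resolver.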