We have a chassis cluster with two SRX650 nodes. Recently I noted unclear DNS activity from our system. At the moment there are a total of 53 sessions, and 47 of them are DNS requests from the SRX to Juniper's DNS servers 208.67.222.222 and 208.67.220.220. When I issue "clear security flow session application dns", the sessions appear again. Has anyone faced this situation already? Please give me feedback. Here are some logs:
Session ID: 15, Policy name: self-traffic-policy/1, State: Active, Timeout: 434, Valid
In: X.X.X.X/65412 --> 208.67.220.220/53;udp, If: .local..0, Pkts: 0, Bytes: 0
Out: 208.67.220.220/53 --> X.X.X.X/65412;udp, If: reth0.10, Pkts: 0, Bytes: 0
Session ID: 19, Policy name: self-traffic-policy/1, State: Active, Timeout: 436, Valid
In: X.X.X.X/60873 --> 208.67.222.222/53;udp, If: .local..0, Pkts: 0, Bytes: 0
Out: 208.67.222.222/53 --> X.X.X.X/60873;udp, If: reth0.10, Pkts: 0, Bytes: 0
where X.X.X.X is the real IP address of the SRX chassis cluster. Why are the packet and byte counts zero?
Thanks to all!
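Added example, not part of the original post: a small Python parser for the session output format quoted above. It counts sessions originated by the device itself (ingress interface .local..0) to port 53 per resolver and lists those whose packet counters are zero in both directions. The address 192.0.2.1 stands in for X.X.X.X, session 23 is a constructed non-DNS entry, and the function names are made up for this example.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the post (192.0.2.1 replaces X.X.X.X).
SAMPLE = """\
Session ID: 15, Policy name: self-traffic-policy/1, State: Active, Timeout: 434, Valid
In: 192.0.2.1/65412 --> 208.67.220.220/53;udp, If: .local..0, Pkts: 0, Bytes: 0
Out: 208.67.220.220/53 --> 192.0.2.1/65412;udp, If: reth0.10, Pkts: 0, Bytes: 0
Session ID: 19, Policy name: self-traffic-policy/1, State: Active, Timeout: 436, Valid
In: 192.0.2.1/60873 --> 208.67.222.222/53;udp, If: .local..0, Pkts: 0, Bytes: 0
Out: 208.67.222.222/53 --> 192.0.2.1/60873;udp, If: reth0.10, Pkts: 0, Bytes: 0
Session ID: 23, Policy name: trust-to-untrust/4, State: Active, Timeout: 1790, Valid
In: 10.0.0.5/51000 --> 198.51.100.7/443;tcp, If: reth1.0, Pkts: 12, Bytes: 3400
Out: 198.51.100.7/443 --> 192.0.2.1/20411;tcp, If: reth0.10, Pkts: 10, Bytes: 5100
"""

HEADER = re.compile(r"Session ID: (\d+), Policy name: ([^,]+),")
WING = re.compile(
    r"(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+), "
    r"If: ([^,\s]+), Pkts: (\d+), Bytes: (\d+)")

def parse_sessions(text):
    """Turn the session listing into one dict per session with 'in'/'out' wings."""
    sessions = []
    for line in text.splitlines():
        h = HEADER.search(line)
        if h:
            sessions.append({"id": int(h.group(1)), "policy": h.group(2)})
            continue
        w = WING.search(line)
        if w and sessions:
            d, _src, _sport, dst, dport, _proto, ifname, pkts, _bytes = w.groups()
            sessions[-1][d.lower()] = {"dst": dst, "dport": int(dport),
                                       "if": ifname, "pkts": int(pkts)}
    return sessions

def self_dns_summary(sessions):
    """Count device-originated port-53 sessions per resolver; list zero-packet ones."""
    per_resolver, idle = Counter(), []
    for s in sessions:
        w = s.get("in")
        if not w or w["if"] != ".local..0" or w["dport"] != 53:
            continue  # not traffic from the device itself to a DNS port
        per_resolver[w["dst"]] += 1
        if w["pkts"] == 0 and s.get("out", {}).get("pkts", 0) == 0:
            idle.append(s["id"])
    return per_resolver, idle

if __name__ == "__main__":
    print(self_dns_summary(parse_sessions(SAMPLE)))
```

Running it over a saved copy of the full session listing gives the per-resolver totals, which can be compared before and after the sessions are cleared.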