ScreenOS Firewalls (NOT SRX)
Contributor
Jon_Wyatt
Posts: 21
Registered: ‎05-10-2008
Accepted Solution

DNS Settings being updated from ADSL

We are about to embark on a large-scale rollout of SSG20s for a homeworking project. The firewalls will establish a VPN tunnel back to the corporate network over ADSL. Everything seems to be looking good in the trials apart from DNS. The DHCP server on the Trusted interface has our private DNS settings set, but when the devices are rebooted, these are overwritten by the ADSL DNS settings.

The settings on the devices for the DHCP server are as follows (with some edited for security):

set interface ethernet0/0 dhcp server enable
set interface ethernet0/0 dhcp server option lease 1440
set interface ethernet0/0 dhcp server option gateway 10.1.1.1
set interface ethernet0/0 dhcp server option netmask 255.255.255.248
set interface ethernet0/0 dhcp server option domainname ourdomain.co.uk
set interface ethernet0/0 dhcp server option dns1 195.8.162.82
set interface ethernet0/0 dhcp server option dns2 195.8.160.64
set interface ethernet0/0 dhcp server option custom 129 ip 10.1.1.1
set interface ethernet0/0 dhcp server option custom 128 string "*******"
set interface ethernet0/0 dhcp server ip 10.1.1.2 to 10.1.1.5
unset interface ethernet0/0 dhcp server config next-server-ip
unset interface ethernet0/0 dhcp server config updatable

This is the output from a device that is already ADSL connected and you can see the public DNS servers have been set. If I'd booted this without being connected to ADSL, the DNS servers would be our private DNS addresses as I'd expect.

It is my understanding that the last two lines of this config are required to stop this update happening, but they don't seem to be working. Any ideas what I'm doing wrong? It makes no difference if the last two lines are in or not, the problem still happens.

Trusted Contributor
Optimist
Posts: 60
Registered: ‎09-09-2009

Re: DNS Settings being updated from ADSL

Add this command to your config:

unset pppoe name "{PROFILE-NAME}" update-dhcpserver

save

(Same for pppoa if you use this instead of pppoe.)

This should avoid automatic update of DHCP servers' DNS parameters.

best regards

Thorsten

If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
A kudo would be cool if you think I earned it.
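
For a rollout of many units, the fix above can be checked offline against each saved config. The following is an added example, not part of the original posts and not Juniper code: it flags any pppoe/pppoa profile that lacks the `unset ... update-dhcpserver` line and any DHCP server DNS option that is not a corporate resolver. It assumes the saved config records the command literally as typed; the profile name, credentials and addresses in the sample are constructed.

```python
import re

# Matches ScreenOS "set|unset pppoe|pppoa name <profile> <rest>" lines.
PROFILE_RE = re.compile(r'^(set|unset) (pppoe|pppoa) name ("[^"]+"|\S+)\s*(.*)$')
DNS_RE = re.compile(r'^set interface (\S+) dhcp server option (dns[12]) (\S+)$')

def audit(config_text, corporate_dns):
    """Return a list of findings for one saved config (empty list = clean)."""
    profiles, pinned, findings = set(), set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.match(line)
        if m:
            verb, kind, name, rest = m.groups()
            key = (kind, name.strip('"'))
            profiles.add(key)
            if rest == "update-dhcpserver":
                # The last occurrence in the file wins (set re-enables the update).
                (pinned.add if verb == "unset" else pinned.discard)(key)
            continue
        m = DNS_RE.match(line)
        if m and m.group(3) not in corporate_dns:
            findings.append(f"{m.group(1)}: {m.group(2)}={m.group(3)} is not a corporate resolver")
    for kind, name in sorted(profiles - pinned):
        findings.append(f'{kind} "{name}": update-dhcpserver still enabled')
    return findings

# Constructed sample configs; profile name, credentials and addresses are made up.
CORPORATE_DNS = {"10.20.0.10", "10.20.0.11"}
BEFORE = '''\
set pppoa name "adsl-isp" username "user@example.invalid" password "placeholder"
set interface ethernet0/0 dhcp server enable
set interface ethernet0/0 dhcp server option dns1 192.0.2.53
set interface ethernet0/0 dhcp server option dns2 10.20.0.11
unset interface ethernet0/0 dhcp server config updatable
'''
AFTER = BEFORE.replace("192.0.2.53", "10.20.0.10") + 'unset pppoa name "adsl-isp" update-dhcpserver\n'

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg, CORPORATE_DNS) or "clean")
```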

Contributor
Jon_Wyatt
Posts: 21
Registered: ‎05-10-2008

Re: DNS Settings being updated from ADSL

Excellent, thanks, that's done the trick. Much appreciated.
