Screen OS

I have confirmed that the DNS values for all of my DHCP servers gets overwritten with the DNS values set for Network > DNS > Host on reboot.

I can reset the DNS values in all of my DHCP servers, confirm the information is correct from Configuration > Update > Config File, reboot and see the values here set back to the system's settings.

I have a SSG5 running firmware: 6.0.0r4.0

Even though I finally have a proper customer account, they still have not gotten my unit right in their data files so I can neither download current firmware or submit a case number on this....  

You most likely have the "Update DHCP Server" option set in your DHCP client settings for your untrust interface.  This transfers the TCP/IP settings learned from the untrust side to the DHCP server on your firewall.  

Under your DHCP Client settings for your Untrust interface.  Make sure you have update DHCP server unchecked.

Network -->DHCP--Edit(whatever your untrust interface is set to), then under your DHCP client setting uncheck "Update DHCP Server"

or from the CLI

( using ethernet0/0 as my untrust interface )

unset interface ethernet0/0 dhcp client settings update-dhcpserver

OK.  I never noticed in Network -->DHCP--Edit for the untrusted interface.  Never thought to look there as I did not have any DHCP server there!

But when I look at the screen, I had 'none' selected.  I selected DHCP Client, and theUpdate DHCP Server and it is unclicked.

I am selecting this, it might be that if you DON'T select DHCP client this works wrong.  So I will set this and boot the box and report back.

Update.

I set the DHCP client option for my 1 untrusted interface.  BTW, this interface is also running PPPoE.

Now the config file has in its;

set interface ethernet0/1 dhcp client enable
unset interface ethernet0/1 dhcp client settings update-dhcpserver

Previously there was nothing in the file for ethernet0/1

I rebooted the unit (power cycled), and checked the DHCP server settings and still the DHCP DNS options were overwritten.

If this would have 'fixed' the problem it would be one of the WORST default behaviors I have seen.  But 'forutunately' it is not and there is something larger wrong here.

The fix I had stated above won't work for you as you are using PPPoE to update your interface instead of DHCP.  

For changes to the NetScreen DHCP server via PPPoE updates, use the following CLI commands. 

set pppoe dhcp-nochange

save

In the WebGui you can do this by the following.

Network ---> PPP ----> PPPoE Profile ----> edit the PPPoE profile ---->Uncheck the "Automatic Update of DHCP Server's DNS Parameters" then click okay.

OK.  Thanks that did the trick.

I went back to the manual to see if this option is defined there.  They use it in an example, telling you to select it, but don't tell you what it does.

I remember looking at it, and getting a quite different sense.  That it was to update my host DNS information.  I did not think it through that it would also update my DHCP information.

Hindsight is a wonderful thing, but the documentation is spotty...

Thanks again.