Screen OS

I have a couple of 5GT running 5.4.0r9 that I'm attempting to get to work with dyndns.  I've following KB4582 with clear text checked, and have also loaded the CA cert as instructed in KB7380 and then unchecked the clear text box.  Neither way works, the Last Response field is always not-init and the host ip is never updated.  I do not see any error messages in the event logs.

Server is set to members.dyndns.org, and it is bound to the untrust interface.

Thanks for any insights you might have.

Bryan

I have same issue with my NS5GT.  I checked from the DynDNS.com and found actually Netscreen products were not certified hardware from DynDNS.com.

Also after saving the configuration of DynDNS, the password field went "blank" again while the agent generated a series of string which I cannot tell whether this was necessary.

The biggest issue here is, there is no single event log stating the action/process to/from DynDNS.

I personally have dyndns.org on my own 5GT and it works well. That is how I terminate my VPN tunnel, via dyndns domain name. Make sure that you have DNS configured or assigned by ISP on the 5GT as well or else the 5GT will not be able to resolve members.dyndns.org.

Can you post your DDNS configs?  Also post output of command: get dns ddns.

Once you have that command look for the id # (first column). Then post command: get dns ddns id <#>.

Finally you can enable ddns debugs with command: debug dns ddns.

View the output of the debug with command: get db stream.

-Richard

Like Richard, I had a 5GT running DynDNS but once you get it working you may have a problem with DynDNS themselves. The problem is the maximum time you can update is 30 days (trying to remember), and DynDNS kept locking my account due to abuse. They advised me to try to increase the update period. This is probably why they do not certify the Juniper hardware. The SSG20 running now allows up to 365 days which no one can say that's abuse 🙂

Thanks Richard!  It's so often the silliest little thing that trips us up.... 

I was doing all my testing in a static IP environment where the DNS servers were not automatically set, but my mindset was on the DHCP environment where they would be set....eventually.

Hi Guys

I have the same problem on my SSG350M - My DDNS doesnt seem to update - i run sooo many juniper firewalls and connect most of them via VPN (DYN DNS) - all of them work fine except this one (SSG350) - ive tried to troubleshoot but i still get nowhere.

Anyone got any ideas on how to fix it..........the way i fix it is, i copy the ADSL ip and log into dyndns.com and paste the ip onto the hostname that needs it - - booom it works,,,,,,,,its not the right way but it does work until the ADSL IP changes....the other way to fix it is to download the DYN DNS client and run that from inside the network.......that also works very well.

Hope the info helps

Andrew 

I too am having the same issue with a SSG20 unit.  I read another post where it states that you must use a broswer to access members.dyndns.org ,collect the cert and install it on the firewall.  The URL members.dyndns.org returns a 404 error.  Here is the output from my firewall.  By the way I have no server on most of my internal networks to run the Dyndns client.  Does anyone have the different server URL I could try for Dyndns?

get dns ddns id 2
Id:                     2
State:                  Init
Socket:                 -1
Type:                   dyndns
Server:                 members.dyndns.org
Clear-text:             yes
Refresh-int:            7 days 0 hours 0 minutes 0 seconds
Min-update-int:         1 hours 0 minutes 0 seconds
Next-update:            6 days 19 hours 31 minutes 0 seconds
Username:               rm760@roadrunner.com
Password:               **********
Agent:                  Netscreen-6.3.0r4.0-0164092006001116
Src-interface:          ethernet0/0
Host-name:              hounds.dyndns.org (dyndns)
Last-response:          badauth
Last-response-ip:       0.0.0.0
Last-Updated:           before 4 hours 30 minutes 3 seconds

Counters
--------------------------------------------------------------------------------
Successful updates:     0
Failed updates:         6
Server lookup failures: 0
Socket creation errors: 0
Socket connect errors:  0
Socket send errors:     0
Update retries:         0