SRX Services Gateway

dhcp name server priority

‎08-14-2018 04:06 PM

Hi,

We are running the DHCP service and set the DHCP name-server as below.

One (10.70.1.2) is internal DNS and the other (8.8.8.8) is external DNS.

Our plan is to set the internal DNS as primary and the external DNS as secondary, but I can't find an option to set priority.

Sometimes clients get 8.8.8.8 for DNS, but 8.8.8.8 can't resolve internal-only names.

set system services dhcp pool 10.30.8.0/24 name-server 10.70.1.22
set system services dhcp pool 10.30.8.0/24 name-server 8.8.8.8


Re: dhcp name server priority

‎08-14-2018 11:17 PM

I don't remember a way to prioritize name servers on Junos. Usually you would have two internal servers which can resolve for each other in case of breakdowns.

An alternate solution would be to have the SRX act as a DNS proxy and then forward internal requests to 10.70.1.22 and the rest to 8.8.8.8.

Example configuration where everything other than internal.local is forwarded to Google:

set system services dns dns-proxy interface <interface-name>
set system services dns dns-proxy default-domain * forwarders 8.8.8.8
set system services dns dns-proxy default-domain internal.local forwarders 10.70.1.22

# also remember to allow dns towards the SRX in the right zone:
set security zones security-zone trust host-inbound-traffic system-services dns

Then configure your DHCP server settings with your SRX as DNS server:

delete system services dhcp pool 10.30.8.0/24 name-server 10.70.1.22
delete system services dhcp pool 10.30.8.0/24 name-server 8.8.8.8
set system services dhcp pool 10.30.8.0/24 name-server <srx-interface-ip>

More information regarding DNS proxy on SRX can be found here: https://www.juniper.net/documentation/en_US/junos/topics/concept/dns-proxy-device-configuration-over...


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)

Re: dhcp name server priority

‎08-15-2018 10:43 AM

Thanks, Jonas.

According to the link, DNS is usable: "Using DNS enables an SRX300, SRX320, SRX340, SRX345, SRX550M, or SRX1500".

Mine is SRX-220h.

The thing I am looking for is DNS priority in the DHCP sub-option.


Re: dhcp name server priority

‎08-15-2018 10:49 AM

When looking at the feature explorer, DNS proxy is also supported on SRX100 and SRX200 series:

https://apps.juniper.net/feature-explorer/feature-info.html?fKey=167&fn=DNS%20Proxy%20(Cache)%20with...

--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)

Re: dhcp name server priority

‎08-15-2018 12:29 PM

I read up on the DHCP RFCs and clients should honor the order of the name servers received via DHCP option 6.

Did a bit of testing, and every client I try honors the order when the DHCP service is configured via jdhcpd. I don't have a device running the old DHCP service. To test you will need to deactivate the existing DHCP configuration, as both cannot be active at the same time.

Example config where 192.168.1.34 is always the first name server when looking from the client side:

user@fw> show configuration system services dhcp-local-server
group int {
    interface <lan-interface>;
}

user@fw> show configuration access address-assignment pool lan
family inet {
    network 192.168.12.0/24;
    range scope {
        low 192.168.12.30;
        high 192.168.12.99;
    }
    dhcp-attributes {
        grace-period 86400;
        name-server {
            192.168.1.34;
            1.0.0.1;
            1.1.1.1;
        }
        router {
            192.168.12.1;
        }
    }
}

Let us know if this works in your scenario as well.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
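
Added example, not code from any poster in this thread: RFC 2132 says the servers in DHCP option 6 should be listed in order of preference, so the byte order of the option is what a client sees as primary and secondary. The sketch below parses the options field of a DHCP reply (for instance copied from a packet capture), returns the name servers in wire order, and lists any that lie outside private address space, since internal names queried there cannot resolve and are disclosed to a third party. The function names and the sample bytes are constructed for illustration, using the addresses from the first post.

```python
import ipaddress

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])  # marks the start of DHCP options
OPT_PAD, OPT_DNS, OPT_END = 0, 6, 255


def dns_servers_from_options(options: bytes) -> list[str]:
    """Return the option 6 name servers in the order they appear on the wire."""
    if options[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    servers, i = [], 4
    while i < len(options):
        code = options[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == OPT_DNS:
            if length == 0 or length % 4:
                raise ValueError("option 6 length must be a non-zero multiple of 4")
            servers += [str(ipaddress.IPv4Address(value[j:j + 4]))
                        for j in range(0, length, 4)]
        i += 2 + length
    return servers


def external_resolvers(servers: list[str]) -> list[str]:
    """Servers outside private address space; internal names sent there leak."""
    return [s for s in servers if not ipaddress.ip_address(s).is_private]


def build_option6(addresses: list[str]) -> bytes:
    """Encode option 6 exactly in the order given (used to build the sample)."""
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addresses)
    return bytes([OPT_DNS, len(body)]) + body


# Constructed sample: options of a DHCP ACK (option 53 = 5) for the first post's pool.
SAMPLE = (MAGIC_COOKIE + bytes([53, 1, 5]) + bytes([OPT_PAD])
          + build_option6(["10.70.1.22", "8.8.8.8"]) + bytes([OPT_END]))

if __name__ == "__main__":
    order = dns_servers_from_options(SAMPLE)
    print("order offered to client:", order)
    print("external resolvers:", external_resolvers(order))
```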

Re: dhcp name server priority

‎08-15-2018 05:01 PM

Thanks for your quick response, Jonas.

My config is a little bit different from yours.

admin@xxx> show configuration system services dhcp
pool 10.30.8.0/24 {
    address-range low 10.30.8.20 high 10.30.8.40;
    name-server {
        10.70.1.22;
        10.70.1.21;
    }
}

I am not sure whether it works as primary and secondary DNS as well.

Regards,