ScreenOS Firewalls (NOT SRX)

DNS Settings being updated from ADSL

‎11-09-2009 01:10 AM

We are about to embark on a large-scale rollout of SSG20s for a homeworking project. The firewalls will establish a VPN tunnel back to the corporate network over ADSL. Everything seems to be looking good in the trials apart from DNS. The DHCP server on the Trusted interface has our private DNS settings set, but when the devices are rebooted, these are overwritten by the ADSL DNS settings.

 

The settings on the devices for the DHCP server are as follows (with some edited for security)

 

set interface ethernet0/0 dhcp server enable
set interface ethernet0/0 dhcp server option lease 1440
set interface ethernet0/0 dhcp server option gateway 10.1.1.1
set interface ethernet0/0 dhcp server option netmask 255.255.255.248
set interface ethernet0/0 dhcp server option domainname ourdomain.co.uk
set interface ethernet0/0 dhcp server option dns1 195.8.162.82
set interface ethernet0/0 dhcp server option dns2 195.8.160.64
set interface ethernet0/0 dhcp server option custom 129 ip 10.1.1.1
set interface ethernet0/0 dhcp server option custom 128 string "*******"
set interface ethernet0/0 dhcp server ip 10.1.1.2 to 10.1.1.5
unset interface ethernet0/0 dhcp server config next-server-ip
unset interface ethernet0/0 dhcp server config updatable

 

This is the output from a device that is already ADSL connected and you can see the public DNS servers have been set. If I had booted this without being connected to ADSL, the DNS servers would be our private DNS addresses as I'd expect.

 

It is my understanding that the last two lines of this config are required to stop this update happening, but they don't seem to be working. Any ideas what I'm doing wrong? It makes no difference if the last two lines are in or not; the problem still happens.

2 REPLIES
Solution
Accepted by topic author Jon_Wyatt
‎08-26-2015 01:27 AM

Re: DNS Settings being updated from ADSL

‎11-09-2009 05:59 AM

Add this command to your config:

 

unset pppoe name "{PROFILE-NAME}" update-dhcpserver

save

 

(Same for pppoa if you use this instead of pppoe.)

 

This should avoid automatic update of the DHCP servers' DNS parameters.

 

best regards

Thorsten

If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
A kudo would be cool if you think I earned it.
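
For a rollout of many devices, the setting from the answer above can be checked in saved configurations before shipping. The following Python script is an added example, not part of the original posts: it lists every pppoe or pppoa profile that has no `unset ... update-dhcpserver` statement in effect. The function name and sample configs are constructed for illustration, and it assumes that a profile without an explicit unset line still pushes ISP DNS to the DHCP server, as the symptom in the thread implies.

```python
import re

# Matches: set|unset pppoe|pppoa name <profile> <rest>; the profile may be quoted.
PROFILE_LINE = re.compile(
    r'^\s*(set|unset)\s+(pppoe|pppoa)\s+name\s+("[^"]*"|\S+)\s*(.*)$',
    re.IGNORECASE,
)


def profiles_updating_dhcp(config_text):
    """Return sorted (kind, profile) pairs whose DNS push to the DHCP server is not disabled."""
    state = {}  # (kind, profile) -> True while update-dhcpserver is in effect
    for line in config_text.splitlines():
        m = PROFILE_LINE.match(line)
        if not m:
            continue
        action, kind, name, rest = m.groups()
        action = action.lower()
        key = (kind.lower(), name.strip('"'))
        if action == "set":
            # Assumption: a defined profile keeps the update on until it is unset.
            state.setdefault(key, True)
        if rest.strip().lower() == "update-dhcpserver":
            # The last statement in the file wins.
            state[key] = action == "set"
    return sorted(key for key, enabled in state.items() if enabled)


# Constructed sample configs, not taken from a real device.
SAMPLE_BAD = '''
set pppoe name "adsl-home" username "user@isp.example" password "placeholder"
set interface ethernet0/0 dhcp server option dns1 10.1.1.10
unset interface ethernet0/0 dhcp server config updatable
'''

SAMPLE_FIXED = SAMPLE_BAD + 'unset pppoe name "adsl-home" update-dhcpserver\n'

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BAD), ("after", SAMPLE_FIXED)):
        print(label, profiles_updating_dhcp(cfg))
```

An empty result means no profile in that file will overwrite the DHCP server's DNS options; any listed profile still needs the unset command from the answer.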


Re: DNS Settings being updated from ADSL

‎11-12-2009 12:16 AM

Excellent, thanks, that's done the trick. Much appreciated.