Configuring NTP using domain name (DNS) doesn't work

Knowledge Base ID: KB8963
Last Updated: 22 Jun 2010
Version: 3.0

Summary:
The Juniper firewall sends an unnecessary DNS query for the NTP server's IP address.
The firewall does not qualify the hostname of the NTP server even though a domain name is configured.

 

Problem or Goal:
Symptoms:
  • When you force an NTP update with the command "exec ntp update", the clock on the firewall is updated, but the firewall also sends an unnecessary DNS query for the IP address of the NTP server. You can verify this by checking the DNS cache on the firewall: the command "get dns host cache" shows an entry for the unresolved address.
  • When you configure the firewall with a domain name (e.g. test.com) and configure a bare hostname for the NTP server, such as "ns01", the firewall does not automatically qualify the hostname. It sends a DNS query for "ns01" instead of "ns01.test.com".


Solution:

1. The unnecessary DNS query for the NTP server IP address should be stopped. This behavior is fixed in ScreenOS 5.4.0r3a and above.

2. For the NTP server, configure the FQDN instead of just the hostname.
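
A way to check a saved configuration for the second symptom, as an added example (not Juniper code): it flags NTP server entries that are bare hostnames and suggests the FQDN built from the configured domain. It assumes the configuration contains lines of the form `set domain <name>` and `set ntp server [backup1|backup2] "<name>"`; the sample configuration is constructed.

```python
import ipaddress
import re

# Constructed sample of a saved ScreenOS configuration (not from the KB article).
SAMPLE_CONFIG = '''\
set hostname fw01
set domain test.com
set clock ntp
set ntp server "ns01"
set ntp server backup1 "ntp2.test.com"
set ntp server backup2 "192.0.2.10"
set ntp server src-interface "ethernet0/0"
'''

# Assumed line formats. Other "set ntp server ..." options (such as
# src-interface) carry extra arguments and therefore do not match.
NTP_RE = re.compile(r'^set ntp server(?: (backup[12]))? "?([^"\s]+)"?\s*$')
DOMAIN_RE = re.compile(r'^set domain "?([^"\s]+)"?\s*$')

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit_ntp_names(config_text):
    """Return a list of (slot, configured_name, suggested_fqdn) findings."""
    domain, servers = None, []
    for line in config_text.splitlines():
        line = line.strip()
        m = DOMAIN_RE.match(line)
        if m:
            domain = m.group(1)
            continue
        m = NTP_RE.match(line)
        if m:
            servers.append((m.group(1) or "primary", m.group(2)))
    findings = []
    for slot, name in servers:
        # A name with no dot is a bare hostname: the firewall queries it
        # as-is and does not append the configured domain.
        if not is_ip(name) and "." not in name:
            findings.append((slot, name, f"{name}.{domain}" if domain else None))
    return findings

if __name__ == "__main__":
    for slot, name, fqdn in audit_ntp_names(SAMPLE_CONFIG):
        print(f"{slot}: '{name}' is unqualified; configure {fqdn or 'the FQDN'} instead")
```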

 

 

Purpose:
Configuration

Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.