Knowledge Center Search


 

Configuring NTP using domain name (DNS) doesn't work

  [KB8963] Show KB Properties

  [KB8963] Hide KB Properties

Categories:
Knowledge Base ID: KB8963
Last Updated: 22 Jun 2010
Version: 3.0

Summary:
Juniper firewall sends DNS queries for NTP server IP address.
Juniper will not qualify the hostname for NTP server even though domain name is configured.

 

Problem or Goal:
Symptoms:
  • When you force an NTP update with the command "exec ntp update", the clock on the firewall gets updated, but the firewall sends an unnecessary DNS query for the IP address of the NTP server.  This can be verified by checking the DNS cache in the firewall.  There will be an entry for unresolved addresses with the command:  get dns host cache
  • When you configure the firewall with a Domain name (i.e. test.com) and configure the hostname for NTP server such as "ns01", the firewall doesn't automatically qualify the hostname. It just sends a DNS query for "ns01" instead of "ns01.test.com".


Solution:

1. Unnecessary DNS query for the NTP server IP address should be stopped. This behavior is fixed in ScreenOS 5.4.0r3a and above.

2. For the NTP server, configure the FQDN instead of just the hostname.

 

 

Purpose:
Configuration

Related Links:

Logged In


null OblixAnonymous
Logout My Account My Subscriptions

 

ASK THE KB

Question or KB ID:


 


 

ARTICLE FEEDBACK

*Selection Required

*Rate the Helpfulness
Solved my problem
Helpful, but didn't solve my problem
Not helpful, didn't solve my problem
Just browsing
 
*Rate the Quality - This article is comprehensive and easy to understand
Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
 
Comments?

 
Your response will be used to improve our document content.
 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.