Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to prevent PPPoE from updating DHCP server interface DNS options on the firewall

0

0

Article ID: KB17655 KB Last Updated: 28 Jun 2010Version: 1.0
Summary:
When the firewall is rebooted or disconnects from or connects to the PPPoE instance, the DNS server setting options on the bg0 and bg1 DHCP server interfaces are overwritten or changed to those provided by the PPPoE ISP.
Symptoms:
The firewall is configured as follows:
  • Untrust eth0/0 interface is a PPPoE connection
  • bg0 and bg1 interfaces are acting as DHCP servers to clients connected to those interfaces
  • bg0 and bg1 interfaces are statically configured with IP addresses for internal network DNS servers, under the DNS server settings options on the bg0 and bg1interfaces DHCP server settings
Solution:
ScreenOS has DHCP server settings to prevent updates from the ISP from changing the DNS server option settings on the DHCP server enabled interfaces.

PPPoE has a specific CLI command to prevent this as PPPoE DNS updates are handled a little differently in ScreenOS compared to dialup, DSL, or Ethernet.

The following command needs to be configured to prevent the PPPoE ISP from forcibly updating the DHCP server DNS options:

unset PPPoE update-dhcpserver


All other protocols use the following command to achieve the same goal:

unset int <interface name> dhcp server config updatable



”note: For more details, refer to the system parameters in Chapter 8 of the ScreenOS Concepts & Examples Guide - Fundamentals: http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_fundamentals.pdf
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search