Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to propagate DNS information from ISP to the Client PC

0

0

Article ID: KB31279 KB Last Updated: 22 Mar 2017Version: 2.0
Summary:

This article describes how to propagate DNS information from DHCP in ISP to the Client PC in an internal network behind the SRX firewall.

Symptoms:

Customer has a DHCP server in ISP which provides IP address details to the PC behind the SRX. The topology is as given below.

Topology:
ISP(DHCP_SERVER)---20.1.1.0/24-----(ge-0/0/1)SRX(ge-0/0/2)----30.1.1.0/24------PC

This article provides details to configure and verify the settings to provide DNS details from DHCP server to the PC.
Solution:
The following setting example is for SRX345.

set version 15.1X49-D60.7
set system services dhcp pool 30.1.1.0/24 address-range low 30.1.1.2
set system services dhcp pool 30.1.1.0/24 address-range high 30.1.1.10
set system services dhcp pool 30.1.1.0/24 default-lease-time 1800
set system services dhcp pool 30.1.1.0/24 router 30.1.1.1
set system services dhcp pool 30.1.1.0/24 propagate-settings ge-0/0/1.0 
set security policies default-policy permit-all
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces irb.0 host-inbound-traffic system-services all
set interfaces ge-0/0/1 unit 0 family inet dhcp server-address 20.1.1.1
set interfaces ge-0/0/1 unit 0 family inet dhcp update-server
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 3
set interfaces irb unit 0 family inet address 30.1.1.1/24
set protocols l2-learning global-mode switching
set vlans vlan3 vlan-id 3
set vlans vlan3 l3-interface irb.0

Verification in SRX:
root@SRX-345-1# run show system services dhcp client ge-0/0/1.0

Logical Interface name ge-0/0/1.0
Hardware address 30:b6:4f:2d:7b:42
Client status bound
Server address 20.1.1.1
Address obtained 20.1.1.2
Update server enabled
Lease obtained at 2016-11-16 11:13:45 HKT
Lease expires at 2016-11-30 11:13:45 HKT

DHCP options:
Name: server-identifier, Value: 20.1.1.1
Code: 1, Type: ip-address, Value: 255.255.255.0
Name: router, Value: [ 20.1.1.1 ]
Name: name-server, Value: [ 8.8.8.8 ]  <--From the ISP

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search