Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to propagate DNS information from ISP to the Client PC

0

0
Article ID: KB31279 KB Last Updated: 17 Jul 2020Version: 3.0 Summary:

This article describes how to propagate DNS information from a DHCP server in the ISP to the client PC in an internal network behind the SRX firewall.

 

Symptoms:

Customer has a DHCP server in ISP which provides IP address details to the PC behind the SRX firewall. The topology is as given below.

Topology

ISP(DHCP_SERVER)---20.1.1.0/24-----(ge-0/0/1)SRX(ge-0/0/2)----30.1.1.0/24------PC

This article details how to configure and verify the settings to provide DNS information from the DHCP server to the PC.

 

Solution:

The following setting example is for SRX345.

set version 15.1X49-D60.7
set system services dhcp pool 30.1.1.0/24 address-range low 30.1.1.2
set system services dhcp pool 30.1.1.0/24 address-range high 30.1.1.10
set system services dhcp pool 30.1.1.0/24 default-lease-time 1800
set system services dhcp pool 30.1.1.0/24 router 30.1.1.1
set system services dhcp pool 30.1.1.0/24 propagate-settings ge-0/0/1.0 
set security policies default-policy permit-all
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces irb.0 host-inbound-traffic system-services all
set interfaces ge-0/0/1 unit 0 family inet dhcp server-address 20.1.1.1
set interfaces ge-0/0/1 unit 0 family inet dhcp update-server
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 3
set interfaces irb unit 0 family inet address 30.1.1.1/24
set protocols l2-learning global-mode switching
set vlans vlan3 vlan-id 3
set vlans vlan3 l3-interface irb.0

Verification in SRX

root@SRX-345-1# run show system services dhcp client ge-0/0/1.0

Logical Interface name ge-0/0/1.0
Hardware address 30:b6:4f:2d:7b:42
Client status bound
Server address 20.1.1.1
Address obtained 20.1.1.2
Update server enabled
Lease obtained at 2016-11-16 11:13:45 HKT
Lease expires at 2016-11-30 11:13:45 HKT

DHCP options:
Name: server-identifier, Value: 20.1.1.1
Code: 1, Type: ip-address, Value: 255.255.255.0
Name: router, Value: [ 20.1.1.1 ]
Name: name-server, Value: [ 8.8.8.8 ]  <--From the ISP

 

Modification History:

2020-07-17: Article reviewed for accuracy; no changes required; article still valid

 

Related Links

 Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search