
[Subscriber Management] Commit script for preventing missing pool DNS configuration


Article ID: KB32974 KB Last Updated: 20 Nov 2018 Version: 1.0
Summary:

In the pool assignment configuration, some BNG customers add the DNS server IPs (family inet xauth-attributes primary-dns/secondary-dns) for their PPPoE subscribers. If this configuration is missing, subscribers are not assigned a DNS server and therefore cannot resolve URLs when browsing the internet.

This article provides a commit script to prevent the deletion or omission of this pool configuration.

Symptoms:

The DNS configuration under the address-assignment pool is deleted from the configuration or omitted during configuration. When a PPPoE subscriber connects, no DNS server is assigned, which causes URL resolution to fail.

Cause:

Missing configuration under access address-assignment pool <pool> family inet xauth-attributes <primary-dns/secondary-dns>.

Solution:

Configure a commit script to prevent this issue.

Log in to the shell as root, using the root password:

[MASTER]
user@Router-re0> start shell user root    
Password:
root@Router-re0:/var/home/labroot # 

Create a file under /var/db/scripts/commit:

root@Router-re0:/var/home/labroot # cd /var/db/scripts/commit
root@Router-re0:/var/db/scripts/commit # vi check-dns.slax

Paste the following lines and save the file (:wq):

version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
    
match configuration {
    for-each (access/address-assignment/pool) {
        var $poolname = name; 
        var $pri-dns = family/inet/xauth-attributes/primary-dns;
        var $sec-dns = family/inet/xauth-attributes/secondary-dns;

        /* Declare an error if the Primary DNS is missing */
        if( $poolname && jcs:empty($pri-dns)  ) {
            <xnm:error> {
                 <message> "pool " _ $poolname _ " the Primary DNS is disabled or missing, please check it.";
            } 
        }
        /* Declare a warning if the Secondary DNS is missing */
        else if( $poolname && jcs:empty($sec-dns) ) {
             <xnm:warning> {
                 <message> "pool " _ $poolname _ " the Secondary DNS is disabled or missing, please check it.";
            } 
        }
    }
}

Note: In a dual-RE environment with GRES, create the same file on the backup RE. With this script, the commit fails if primary-dns is missing from any pool. If the customer only wants a warning message to be displayed, change '<xnm:error>' to '<xnm:warning>'.

Exit from shell and apply the commit script to the configuration:

set system scripts commit file check-dns.slax
 

Verification

  1. No pool configured:

    user@Router-re0# show access address-assignment
    
    [Master][edit]
    user@Router-re0# commit
    re0:
    configuration check succeeds
    re1:
    commit complete
    re0:
    commit complete
    
  2. One pool configured, with no primary-dns

    user@Router-re0# show access
    address-assignment {
        pool pppoe-1 {
            family inet {
                network 10.167.0.0/16;
            }
        }
    }
    
    [Master][edit]
    user@Router-re0# commit
    re0:
    error: pool pppoe-1 the Primary DNS is disabled or missing, please check it.
    error: 1 error reported by commit scripts
    error: commit script failure
    
  3. One pool configured, with primary-dns deactivated

    user@Router-re0# show access
    address-assignment {
        pool pppoe-1 {
            family inet {
                network 10.167.0.0/16;
                xauth-attributes {
                    inactive: primary-dns 10.10.10.10/32;
                }
            }
        }
    }
    
    [Master][edit]
    user@Router-re0# commit
    re0:
    error: pool pppoe-1 the Primary DNS is disabled or missing, please check it.
    error: 1 error reported by commit scripts
    error: commit script failure
    
  4. One pool with primary-dns configured but no secondary-dns: the commit passes, but a warning message is displayed

    user@Router-re0# show access
    address-assignment {
        pool pppoe-1 {
            family inet {
                network 10.167.0.0/16;
                xauth-attributes {
                    primary-dns 10.10.10.10/32;
                }
            }
        }
    }
    
    [MASTER][edit]
    user@Router-re0# commit
    re0:
    warning: pool pppoe-1 the Secondary DNS is disabled or missing, please check it.
    re0:
    configuration check succeeds
    re1:
    warning: pool pppoe-1 the Secondary DNS is disabled or missing, please check it.
    commit complete
    re0:
    commit complete
    
  5. One pool with both primary-dns and secondary-dns configured

    user@Router-re0# show access
    address-assignment {
        pool pppoe-1 {
            family inet {
                network 10.167.0.0/16;
                xauth-attributes {
                    primary-dns 10.10.10.10/32;
                    secondary-dns 11.11.11.11/32;
                }
            }
        }
    }
    
    [MASTER][edit]
    user@Router-re0# commit
    re0:
    configuration check succeeds
    re1:
    commit complete
    re0:
    commit complete
    
  6. Two pools configured, with primary-dns missing from one pool

    user@Router-re0# show access
    address-assignment {
        pool pppoe-1 {
            family inet {
                network 10.167.0.0/16;
                xauth-attributes {
                    primary-dns 10.10.10.10/32;
                    secondary-dns 11.11.11.11/32;
                }
            }
        }
        pool pppoe-2 {
            family inet {
                network 10.177.0.0/16;
            }
        }
    }
    
    [MASTER][edit]
    user@Router-re0# commit
    re0:
    error: pool pppoe-2 the Primary DNS is disabled or missing, please check it.
    error: 1 error reported by commit scripts
    error: commit script failure
    
  7. Two pools configured, with secondary-dns missing from both pools

    user@Router-re0# show access
    address-assignment {
        pool pppoe-1 {
            family inet {
                network 10.167.0.0/16;
                xauth-attributes {
                    primary-dns 10.10.10.10/32;
                }
            }
        }
        pool pppoe-2 {
            family inet {
                network 10.177.0.0/16;
                xauth-attributes {
                    primary-dns 10.10.10.10/32;
                }
            }
        }
    }
    
    [MASTER][edit]
    user@Router-re0# commit
    re0:
    warning: pool pppoe-1 the Secondary DNS is disabled or missing, please check it.
    warning: pool pppoe-2 the Secondary DNS is disabled or missing, please check it.
    re0:
    configuration check succeeds
    re1:
    warning: pool pppoe-1 the Secondary DNS is disabled or missing, please check it.
    warning: pool pppoe-2 the Secondary DNS is disabled or missing, please check it.
    commit complete
    re0:
    commit complete
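
Because the script raises an error for any pool without an active primary-dns, enabling it on a router that already has such a pool makes the next commit fail, so it helps to audit saved configurations first. The following is an added example, not part of the original article or Juniper's code: it applies the script's two rules offline to XML-format configuration. It assumes the input comes from "show configuration access | display xml"; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like "show configuration access | display xml".
SAMPLE = """<configuration><access><address-assignment>
  <pool><name>pppoe-1</name><family><inet>
    <network><name>10.167.0.0/16</name></network>
    <xauth-attributes>
      <primary-dns>10.10.10.10/32</primary-dns>
    </xauth-attributes>
  </inet></family></pool>
  <pool><name>pppoe-2</name><family><inet>
    <network><name>10.177.0.0/16</name></network>
    <xauth-attributes>
      <primary-dns inactive="inactive">10.10.10.10/32</primary-dns>
      <secondary-dns>11.11.11.11/32</secondary-dns>
    </xauth-attributes>
  </inet></family></pool>
  <pool><name>pppoe-3</name><family><inet>
    <network><name>10.187.0.0/16</name></network>
  </inet></family></pool>
</address-assignment></access></configuration>"""

def is_active(pool, path):
    """True only if every element on the path exists and is not deactivated."""
    node = pool
    for step in path.split("/"):
        node = node.find(step)
        if node is None or node.get("inactive") == "inactive":
            return False
    return True

def audit_pools(xml_text):
    """Return (severity, pool-name) pairs using the commit script's rules."""
    root = ET.fromstring(xml_text)
    for el in root.iter():            # drop namespaces so plain paths match
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    for pool in root.iterfind(".//access/address-assignment/pool"):
        name = pool.findtext("name")
        if not is_active(pool, "family/inet/xauth-attributes/primary-dns"):
            findings.append(("error", name))      # script would block commit
        elif not is_active(pool, "family/inet/xauth-attributes/secondary-dns"):
            findings.append(("warning", name))    # commit passes with warning
    return findings

if __name__ == "__main__":
    for severity, name in audit_pools(SAMPLE):
        print(f"{severity}: pool {name}")
```

Any pool reported as "error" has to be fixed before check-dns.slax is applied, otherwise the next commit on that router fails even if the change is unrelated to the pool.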
    