
[ScreenOS] How to define DNS server addresses and schedule lookups?


Article ID: KB4200
KB Last Updated: 20 Mar 2020
Version: 8.0
Summary:

This article provides information on how to define DNS server addresses and schedule lookups.

Symptoms:
How to define DNS server addresses and schedule lookups?
Solution:
The Juniper firewall does not function as a DNS server. The DNS feature is required when using certificates. Configuring it also permits the use of FQDNs in address book entries, because the firewall can then resolve the names used in those entries.

 To configure DNS on the firewall and schedule lookups, perform the following procedure:

  1. Open the WebUI. For more information, refer to KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI.

  2. From the ScreenOS options menu, go to Network > DNS > Host and provide the IP address of the Primary DNS Server, Secondary DNS Server, and Tertiary DNS Server.

    For this example, 10.0.0.1 has been used as the Primary DNS Server IP address, 10.1.1.1 as the Secondary DNS Server IP address, and 10.2.2.2 as the Tertiary DNS Server IP address.

  3. You can also specify a source (src) interface for the DNS server. When a source interface is specified on the security device, DNS request packets, which are initiated from within the device by the DNS module, are treated as if they are received externally from the set source interface.

    With a source interface specified, DNS request packets, like user packets, trigger the firewall policy lookup and are handled according to the rules of the policy. The source interface can be any interface that matches the zone. For this example, Ethernet0/0 is configured as the source interface.

  4. Select the DNS Refresh check box and, in the Every Day at text box, type a value.

  5. Click Apply.
 

CLI configuration:

    set dns host dns1 10.0.0.1 src-interface ethernet0/0
    set dns host dns2 10.1.1.1 src-interface ethernet0/0
    set dns host dns3 10.2.2.2 src-interface ethernet0/0
    set dns host schedule 23:00 interval 24
    save
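
To check a saved configuration against the setup described above, the following audit script can be used. It is an added example, not part of the Juniper article or any Juniper tool; it recognizes only the command forms shown on this page, and the rule that every DNS server should carry a src-interface is an assumed local policy.

```python
import ipaddress
import re

# Constructed sample: this article's CLI lines, with dns3 missing its
# src-interface and no refresh schedule, to show what the audit reports.
SAMPLE_CONFIG = """\
set dns host dns1 10.0.0.1 src-interface ethernet0/0
set dns host dns2 10.1.1.1 src-interface ethernet0/0
set dns host dns3 10.2.2.2
"""

HOST_RE = re.compile(r"^set dns host (dns[123]) (\S+)(?: src-interface (\S+))?$", re.I)
SCHED_RE = re.compile(r"^set dns host schedule (\d{1,2}):(\d{2})(?: interval (\d+))?$", re.I)

def parse_dns(config_text):
    """Return ({slot: (address, src_interface or None)}, schedule or None)."""
    servers, schedule = {}, None
    for raw in config_text.splitlines():
        line = raw.strip().lstrip(">").strip()  # tolerate a pasted prompt marker
        host = HOST_RE.match(line)
        sched = SCHED_RE.match(line)
        if host:
            slot, addr, iface = host.groups()
            servers[slot.lower()] = (addr, iface)
        elif sched:
            hour, minute, interval = sched.groups()
            schedule = (int(hour), int(minute), int(interval) if interval else None)
    return servers, schedule

def audit_dns(config_text):
    """List deviations from the setup this article describes (assumed local policy)."""
    servers, schedule = parse_dns(config_text)
    findings = []
    if "dns1" not in servers:
        findings.append("dns1: no primary DNS server defined")
    for slot, (addr, iface) in sorted(servers.items()):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"{slot}: {addr!r} is not a valid IP address")
        if iface is None:
            findings.append(f"{slot}: no src-interface set")
    if schedule is None:
        findings.append("schedule: no DNS refresh schedule defined")
    elif not (0 <= schedule[0] <= 23 and 0 <= schedule[1] <= 59):
        findings.append("schedule: refresh time is not a valid HH:MM")
    return findings

if __name__ == "__main__":
    for finding in audit_dns(SAMPLE_CONFIG):
        print(finding)
```

A server reported without a src-interface is one whose DNS requests are not tied to the source interface that step 3 relies on for policy lookup.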
Modification History:
2020-03-20: Minor, non-technical update.
