Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Configuring NTP using domain name (DNS) doesn't work

0

0

Article ID: KB8963 KB Last Updated: 22 Jun 2010Version: 3.0
Summary:
Juniper firewall sends DNS queries for NTP server IP address.
Juniper will not qualify the hostname for NTP server even though domain name is configured.

 

Symptoms:
Symptoms:
  • When you force an NTP update with the command "exec ntp update", the clock on the firewall gets updated, but the firewall sends an unnecessary DNS query for the IP address of the NTP server.  This can be verified by checking the DNS cache in the firewall.  There will be an entry for unresolved addresses with the command:  get dns host cache
  • When you configure the firewall with a Domain name (i.e. test.com) and configure the hostname for NTP server such as "ns01", the firewall doesn't automatically qualify the hostname. It just sends a DNS query for "ns01" instead of "ns01.test.com".


Solution:

1. Unnecessary DNS query for the NTP server IP address should be stopped. This behavior is fixed in ScreenOS 5.4.0r3a and above.

2. For the NTP server, configure the FQDN instead of just the hostname.

 

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search