Dynamic DNS (DDNS) updates may be dropped by the DNS ALG, as they are not supported by the DNS ALG on all SRX Series devices as of Junos 11.1.
The Junos 11.1 Release Notes specify in the SRX Known Limitations that on SRX5800 devices, DDNS updates might be dropped by the DNS ALG, as they are currently not supported by the DNS ALG.
The DNS ALG is enabled by default. When it is enabled, Dynamic DNS (DDNS) updates will be dropped. This is expected behavior.
Note: As of Junos 12.1X44, this is still true. DDNS pass-through is not supported on all SRX platforms in Junos 12.1X44 and below. It should be supported in future releases. See the Release Notes for each release for more information.
Consider the following topology:
DDNS client ----- SRX ------- DDNS server
Here, a PC/Server is acting as a DDNS client behind the SRX device, trying to get DDNS updates from the DDNS server on the other side of the SRX. When this happens, DDNS updates will fail.
Note: From Junos 12.1X45-D10 onwards, this feature is supported on SRX devices. For more information, refer to the Junos® OS 12.1X45 Release Notes [Page: 7].
Above the Junos 12.1X release, if you need to use DDNS updates, the DNS ALG must be disabled.
To do this:
1. From Operational Mode, verify that the DNS ALG is enabled:
root> show security alg status
ALG Status :
DNS : Enabled <---------
FTP : Enabled
H323 : Enabled
MGCP : Enabled
MSRPC : Enabled
PPTP : Enabled
RSH : Enabled
RTSP : Enabled
SCCP : Enabled
SIP : Enabled
SQL : Enabled
SUNRPC : Enabled
TALK : Enabled
TFTP : Enabled
IKE-ESP : Disabled
2. From Configuration Mode, disable the DNS ALG:
root# set security alg dns disable
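The check in step 1 can be run against saved CLI captures from many devices. The following is an added example, not Juniper's code: the function names `parse_alg_status` and `ddns_check` are hypothetical, and the sample text is constructed in the format shown above.

```python
import re

# Constructed sample in the format of 'show security alg status' shown above.
SAMPLE = """\
root> show security alg status
ALG Status :
DNS : Enabled <---------
FTP : Enabled
IKE-ESP : Disabled
"""

# One ALG per line: NAME : Enabled|Disabled, optionally followed by annotations.
_LINE = re.compile(r"^\s*([A-Z0-9-]+)\s*:\s*(Enabled|Disabled)\b", re.IGNORECASE)


def parse_alg_status(text):
    """Return {ALG name: True if enabled} parsed from the status output."""
    status = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:  # the prompt line, the 'ALG Status :' header and blanks do not match
            status[m.group(1).upper()] = m.group(2).lower() == "enabled"
    return status


def ddns_check(text):
    """Return (dns_alg_enabled, configuration-mode command to apply or None)."""
    status = parse_alg_status(text)
    if "DNS" not in status:
        # Refuse to guess when the capture is truncated or is other output.
        raise ValueError("no DNS line found in ALG status output")
    if status["DNS"]:
        return True, "set security alg dns disable"
    return False, None


if __name__ == "__main__":
    enabled, fix = ddns_check(SAMPLE)
    print("DNS ALG enabled:", enabled)
    if fix:
        print("Command from step 2:", fix)
```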