This article describes a problem seen when the Split DNS feature is used: if the configured forwarder is not available, DNS queries are sent to another name server instead of failing. It also covers support for the DNS BIND “forward-only” option, which is available from JUNOS version 12.1X46-D10.
Consider the following configuration, in which the Split DNS feature is implemented:
root@srx# show system services dns
dns-proxy {
    interface { ge-0/0/0.0; }
    default-domain * { forwarders { 3.3.3.3; } }
    view Server_Internal {
        match-clients 192.168.3.0/24;
        domain test1234.com { forwarders { 192.168.1.30; } }
        domain * { forwarders { 3.3.3.3; } }
    }
}
Here, a DNS query for “test1234.com” initiated from the subnet 192.168.3.0/24 is expected to be sent to the DNS server 192.168.1.30.
If that DNS server is down and does not answer the query, the expectation is that the query fails and is not answered by any other DNS server. This is the behaviour of the “forward-only” option of DNS BIND.
The “forward-only” option of DNS BIND is supported from 12.1X46-D10. Below is a supported configuration on an SRX Series firewall:
root@srx# show system services dns
dns-proxy {
    interface { ge-0/0/0.0; }
    default-domain * { forwarders { 3.3.3.3; } }
    view Server_Internal {
        match-clients 192.168.3.0/24;
        domain test1234.com { forward-only; forwarders { 192.168.1.30; } }
        domain * { forwarders { 3.3.3.3; } }
    }
}
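The following added example (not Juniper's code and not part of the original article) parses the two dns-proxy configurations shown above and flags any named domain inside a view that has its own forwarders but no forward-only statement, which is the condition that lets a query be answered by another server when 192.168.1.30 is down. It assumes the configuration text exactly as shown on this page, and treats the wildcard domain as out of scope for the check.

```python
import re

# Constructed sample: the article's split-DNS configuration without forward-only
CONFIG_WITHOUT = """
dns-proxy {
    interface { ge-0/0/0.0; }
    default-domain * { forwarders { 3.3.3.3; } }
    view Server_Internal {
        match-clients 192.168.3.0/24;
        domain test1234.com { forwarders { 192.168.1.30; } }
        domain * { forwarders { 3.3.3.3; } }
    }
}
"""
# The article's corrected variant: forward-only added to the internal domain
CONFIG_WITH = CONFIG_WITHOUT.replace(
    "domain test1234.com { forwarders", "domain test1234.com { forward-only; forwarders")

def parse_junos(text):
    """Parse brace-style Junos config text into nested dicts (leaf statements map to None)."""
    root = {}; stack, words = [root], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":                       # open a container keyed by its header words
            stack[-1][" ".join(words)] = child = {}
            stack.append(child)
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":                     # leaf statement ends
            stack[-1][" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return root

def audit_views(config):
    """Return (view, domain) pairs for named domains inside a view that have their own
    forwarders but no forward-only. Assumption: the wildcard domain '*' is out of scope."""
    findings = []
    for key, body in config.get("dns-proxy", {}).items():
        if not key.startswith("view "):
            continue
        for dkey, dbody in body.items():
            domain = dkey.split(" ", 1)[1] if dkey.startswith("domain ") else None
            if domain and domain != "*" and dbody and "forwarders" in dbody \
                    and "forward-only" not in dbody:
                findings.append((key.split(" ", 1)[1], domain))
    return findings

print(audit_views(parse_junos(CONFIG_WITHOUT)))  # [('Server_Internal', 'test1234.com')]
print(audit_views(parse_junos(CONFIG_WITH)))     # []
```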