Understanding and Configuring DNS

DNS Overview

The Domain Name System (DNS) is a distributed hierarchical system that converts hostnames to IP addresses. The DNS is divided into sections called zones. Each zone has name servers that respond to the queries belonging to that zone.

DNS Components

DNS includes three main components:

  • DNS resolver: Resides on the client side of the DNS. When a user sends a hostname request, the resolver sends a DNS query request to the name servers to request the hostname's IP address.

  • Name servers: Process the DNS query requests received from the DNS resolver and return the IP address to the resolver.

  • Resource records: Data elements that define the basic structure and content of the DNS.

DNS Server Caching

DNS name servers provide a hostname's IP address to users. The TTL field in the resource record defines the period for which DNS query results are cached. When the TTL value expires, the name server sends a fresh DNS query and updates the cache.

Configure a DNS Name Server for Resolving Hostnames into Addresses

You use Domain Name System (DNS) name servers to resolve hostnames to IP addresses.

Before you begin, configure your name servers with the hostname and an IP address for your Juniper Networks device. It does not matter which IP address you assign as the address of your device in the name server, as long as it is an address that reaches your device. Normally, you would use the management interface IP address, but you can choose the loopback interface IP address or a network interface IP address. You can even configure multiple addresses on the name server.

For redundancy, as a best practice, configure access to multiple name servers. You can configure a maximum of three name servers. The approach is similar to the way Web browsers resolve the names of a website to its network address.

You can use Junos OS to configure one or more domain names. The software uses these domain names to resolve hostnames that are not fully qualified (that is, hostnames for which the domain names are missing). Being able to configure domain names is convenient because you can use a hostname in configuring and operating the software without the need to reference the full domain name. After adding name server addresses and domain names to your configuration, you can use DNS resolvable hostnames in your configurations and commands instead of IP addresses.

Optionally, instead of configuring the name server at the [edit system] hierarchy level, you can use a configuration group, as shown in this procedure. This is a recommended best practice for configuring the name server.

You can route traffic between a management routing instance and a DNS name server. After you configure a routing instance at the [edit system name-server server-ip-address] hierarchy level, the name server becomes reachable through this routing instance.

Note:

This management routing instance option is not supported for SRX Series Firewalls.

To enable a management routing instance for DNS, use the following configuration:

If you've configured the name server using a configuration group, use the [edit groups group-name system name-server] hierarchy level, which is a recommended best practice for configuring the name server.

To configure the device to resolve hostnames into addresses:

  1. Reference the IP addresses of your name servers.

    The following example shows how to reference two name servers:

  2. (Optional) Configure the routing instance for DNS.

    The following example shows how to configure the routing instance for one of the name servers:

    Remember to also configure the following:

    • management-instance statement at the [edit system] hierarchy level

    • routing-instance statement at the [edit routing-instances] hierarchy level

  3. (Optional) Configure the name of the domain in which the device itself is located.

    This is a good practice. The software then uses this configured domain name as the default domain name to append to hostnames that are not fully qualified.

    The following example shows how to configure the domain name:

  4. (Optional) Configure a list of domains to be searched.

    If your device can reach several different domains, you can configure a list of domains to be searched. Junos OS then uses this list to set an order in which it appends domain names when searching for the IP address of a host.

    The domain list can contain up to six domain names, with a total of up to 256 characters.

    The following example shows how to configure three domains to be searched. This example configures the software to search the company.net domain, next the domainone.net domain, and finally the domainonealternate.com domain when attempting to resolve unqualified hosts.

  5. If you used a configuration group, apply the configuration group, replacing global with the appropriate group name.
  6. Commit the configuration.
  7. Verify the configuration.

    If you've configured your name server with the hostname and an IP address for your device, you can issue the following commands to confirm that DNS is working and reachable. You can either use the configured hostname to confirm resolution to the IP address or use the IP address of your device to confirm resolution to the configured hostname.

    For example:
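The seven steps above, carried through once as an added example; it is not taken from the original page. Assumptions: the name server addresses 192.0.2.11 and 192.0.2.12, the device address 192.0.2.50 and the hostname device1 are constructed placeholders, the configuration group is named global as in step 5, and mgmt_junos is the management routing instance.

```junos
# Added example: addresses and hostname are constructed placeholders.
# Entered in configuration mode.

# Step 1: reference two name servers inside the configuration group "global".
set groups global system name-server 192.0.2.11
set groups global system name-server 192.0.2.12

# Step 2 (optional; not supported on SRX Series Firewalls):
# reach the first name server through the management routing instance,
# and configure the two supporting statements the procedure calls for.
set groups global system name-server 192.0.2.11 routing-instance mgmt_junos
set system management-instance
set routing-instances mgmt_junos description "management routing instance"

# Step 3 (optional): default domain appended to hostnames that are not fully qualified.
set groups global system domain-name company.net

# Step 4 (optional): search order for unqualified hostnames
# (at most six domains, 256 characters in total).
set groups global system domain-search [ company.net domainone.net domainonealternate.com ]

# Step 5: apply the configuration group.
set apply-groups global

# Step 6: commit.
commit

# Step 7: verify both directions, name to address and address to name.
run show host device1.company.net
run show host 192.0.2.50
```

If the name server holds a record for the device, the first lookup returns the device's address and the second returns its configured hostname; a failure of either points to reachability of the name server or to a missing record.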