[j-nsp] DNS

Barny Sanchez barnys at juniper.net
Mon Mar 1 08:10:43 EST 2010


1) Can you verify that you can ping from FW2 to 4.2.2.2?.  If it works, then probably you have a DNS misconfigured.
2) If the previous doesn't work, can you verity that you have a correct routing in place and also that FW1 has a proper policy in place, you can start by testing with a any to any policy.


This is the bare minimal things to check, but there are other problems to consider, such as:
1) NAT misconfiguration.
2) Routing missconfiguration.
3) Without knowing anyting more about your environment, could be a vsys problem (high-end firewalls).
4) VPNs involved?

Thanks,



Barny Sanchez | Consulting Engineer - Security Systems | Juniper Networks




On Mar 1, 2010, at 7:04 AM, SunnyDay wrote:

Hello
I Have 2 netscreen firewall connected on behind the other.
                    eth0    eth1       eth3
internet     <-------FW1<---------->FW2

My problem is that FW2 from the cli is not able to do name resolution.eg:
ping www.google.com.FW1<http://www.google.com.FW1> is able to ping www.google.com<http://www.google.com>
I configured on FW2 open dns with source interface eth3 with no luck any
ideas?

Regards
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp




More information about the juniper-nsp mailing list