[j-nsp] SRX DNS Forwarding - helpers domain

Tim Eberhard xmin0s at gmail.com
Tue Jun 26 10:05:46 EDT 2012


A quick search on that error message says it's a return routing issue.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21363&cat=JUNOS&actp=LIST


-Tim Eberhard

On Tue, Jun 26, 2012 at 8:03 AM, flip at flipstar.net <flip at flipstar.net> wrote:
> Hey everybody,
>
> I wonder if anybody is successfully using "forwarding-options helpers
> domain" (DNS) [1] on branch SRX?
>
> In my setup the client queries the srx which forwards the request to the dns
> server.
> The dns sends a reply that never passes the srx back to the client.
>
>      Client                   SRX                 DNS
> 192.168.200.105   ->      192.168.200.1   ->   10.100.1.20
>                        x                 <-
>
> Junos 11.4R3.7
>
> pw at srx650-1# show forwarding-options helpers domain
> server 10.100.1.20;
> interface {
>    reth0.1052;
>    reth0.1053;
>    reth0.1051;
> }
>
> The reply from the dns server is dropped in the srx :-(
>
>
> Jun 26 14:51:17
> 14:51:16.1467499:CID-1:RT:<10.100.1.20/53->192.168.200.105/51651;17> matched
> filter dns_to_cli:
> Jun 26 14:51:17 14:51:16.1467499:CID-1:RT:packet [68] ipid = 64549,
> @43e92fa4
> Jun 26 14:51:17 14:51:16.1467700:CID-1:RT:---- flow_process_pkt: (thd 4):
> flow_ctxt type 14, common flag 0x0, mbuf 0x43e92d80, rtbl_idx = 0
> Jun 26 14:51:17 14:51:16.1467700:CID-1:RT: flow process pak fast ifl 107
> in_ifp reth0.1051
> Jun 26 14:51:17 14:51:16.1467700:CID-1:RT: find flow: table 0x51f8bd18, hash
> 42509(0xffff), sa 10.100.1.20, da 192.168.200.105, sp 53, dp 51651, proto
> 17, tok 10
> Jun 26 14:51:17 14:51:16.1467768:CID-1:RT:  flow got session.
> Jun 26 14:51:17 14:51:16.1467768:CID-1:RT: flow fast tcp/udp session id
> 268027
> Jun 26 14:51:17 14:51:16.1467784:CID-1:RT:  route lookup failed: dest-ip
> 192.168.200.105 orig ifp .local..0 output_ifp reth0.1052 fto 0x492786e8
> orig-zone 2 out-zone 11 vsd 0
> Jun 26 14:51:17 14:51:16.1467784:CID-1:RT:  packet dropped,   pak dropped
> since re-route failed
>
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Jun 26 14:51:17 14:51:16.1467784:CID-1:RT: ----- flow_process_pkt rc 0x7 (fp
> rc -1)
>
>
> Regards
> flip
>
>
> [1]
> https://www.juniper.net/techpubs/en_US/junos11.4/topics/usage-guidelines/policy-configuring-dns-and-tftp-packet-forwarding.html
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list