[j-nsp] SRX DNS Forwarding - helpers domain

flip at flipstar.net flip at flipstar.net
Wed Jun 27 02:17:12 EDT 2012


Thanks for the hint Tim.

The workaround is not too practical in my case - hope this
gets fixed soon.

Regards
flip

On 26.06.2012 16:05, Tim Eberhard wrote:
> A quick search on that error message says it's a return routing issue.
>
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB21363&cat=JUNOS&actp=LIST
>
>
> -Tim Eberhard
>
> On Tue, Jun 26, 2012 at 8:03 AM, flip at flipstar.net<flip at flipstar.net>  wrote:
>> Hey everybody,
>>
>> I wonder if anybody is successfully using "forwarding-options helpers
>> domain" (DNS) [1] on branch SRX?
>>
>> In my setup the client queries the srx which forwards the request to the dns
>> server.
>> The dns sends a reply that never passes the srx back to the client.
>>
>>       Client                   SRX                 DNS
>> 192.168.200.105   ->        192.168.200.1   ->     10.100.1.20
>>                         x<-
>>
>> Junos 11.4R3.7
>>
>> pw at srx650-1# show forwarding-options helpers domain
>> server 10.100.1.20;
>> interface {
>>     reth0.1052;
>>     reth0.1053;
>>     reth0.1051;
>> }
>>
>> The reply from the dns server is dropped in the srx :-(
>>
>>
>> Jun 26 14:51:17
>> 14:51:16.1467499:CID-1:RT:<10.100.1.20/53->192.168.200.105/51651;17>  matched
>> filter dns_to_cli:
>> Jun 26 14:51:17 14:51:16.1467499:CID-1:RT:packet [68] ipid = 64549,
>> @43e92fa4
>> Jun 26 14:51:17 14:51:16.1467700:CID-1:RT:---- flow_process_pkt: (thd 4):
>> flow_ctxt type 14, common flag 0x0, mbuf 0x43e92d80, rtbl_idx = 0
>> Jun 26 14:51:17 14:51:16.1467700:CID-1:RT: flow process pak fast ifl 107
>> in_ifp reth0.1051
>> Jun 26 14:51:17 14:51:16.1467700:CID-1:RT: find flow: table 0x51f8bd18, hash
>> 42509(0xffff), sa 10.100.1.20, da 192.168.200.105, sp 53, dp 51651, proto
>> 17, tok 10
>> Jun 26 14:51:17 14:51:16.1467768:CID-1:RT:  flow got session.
>> Jun 26 14:51:17 14:51:16.1467768:CID-1:RT: flow fast tcp/udp session id
>> 268027
>> Jun 26 14:51:17 14:51:16.1467784:CID-1:RT:  route lookup failed: dest-ip
>> 192.168.200.105 orig ifp .local..0 output_ifp reth0.1052 fto 0x492786e8
>> orig-zone 2 out-zone 11 vsd 0
>> Jun 26 14:51:17 14:51:16.1467784:CID-1:RT:  packet dropped,   pak dropped
>> since re-route failed
>>
>>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> Jun 26 14:51:17 14:51:16.1467784:CID-1:RT: ----- flow_process_pkt rc 0x7 (fp
>> rc -1)
>>
>>
>> Regards
>> flip
>>
>>
>> [1]
>> https://www.juniper.net/techpubs/en_US/junos11.4/topics/usage-guidelines/policy-configuring-dns-and-tftp-packet-forwarding.html
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
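
For reading a flow trace like the one quoted above, this added example (not part of the thread and not Juniper code) rejoins the mail-wrapped trace records and extracts the flow, the session id and the re-route failure fields. The function names and regular expressions are assumptions based only on the trace lines shown in the post.

```python
import re

# Trace lines copied from the post above, keeping the mail client's wrapping.
SAMPLE = """\
Jun 26 14:51:17
14:51:16.1467499:CID-1:RT:<10.100.1.20/53->192.168.200.105/51651;17>  matched
filter dns_to_cli:
Jun 26 14:51:17 14:51:16.1467768:CID-1:RT: flow fast tcp/udp session id
268027
Jun 26 14:51:17 14:51:16.1467784:CID-1:RT:  route lookup failed: dest-ip
192.168.200.105 orig ifp .local..0 output_ifp reth0.1052 fto 0x492786e8
orig-zone 2 out-zone 11 vsd 0
Jun 26 14:51:17 14:51:16.1467784:CID-1:RT:  packet dropped,   pak dropped
since re-route failed
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\b")
TUPLE = re.compile(r"<([\d.]+)/(\d+)->([\d.]+)/(\d+);(\d+)>")
SESSION = re.compile(r"session id (\d+)")
REROUTE = re.compile(r"route lookup failed: dest-ip (\S+) orig ifp (\S+) "
                     r"output_ifp (\S+) .*?orig-zone (\d+) out-zone (\d+)")
DROP = re.compile(r"packet dropped, +(.*)")

def unwrap(text):
    """Strip '>' quote markers and rejoin records wrapped by the mailer."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", line).strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)       # syslog timestamp starts a new record
        else:
            records[-1] += " " + line  # continuation of a wrapped record
    return records

def summarize(text):
    """Collect flow, session and drop details from one traced packet."""
    out = {}
    for rec in unwrap(text):
        if m := TUPLE.search(rec):
            out["flow"] = m.groups()   # (src, sport, dst, dport, proto)
        if m := SESSION.search(rec):
            out["session"] = int(m.group(1))
        if m := REROUTE.search(rec):
            out["reroute"] = dict(zip(("dest", "orig_ifp", "out_ifp", "orig_zone", "out_zone"), m.groups()))
        if m := DROP.search(rec):
            out["drop"] = m.group(1)
    return out
```
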

