
Understanding and Configuring DNS

14-Jan-25

DNS Overview

A Domain Name System (DNS) is a distributed hierarchical system that converts hostnames to IP addresses. The DNS is divided into sections called zones. Each zone has name servers that respond to the queries belonging to their zones.

DNS Components

DNS includes three main components:

  • DNS resolver: Resides on the client side of the DNS. When a user sends a hostname request, the resolver sends a DNS query request to the name servers to request the hostname's IP address.

  • Name servers: Process the DNS query requests received from the DNS resolver and return the IP address to the resolver.

  • Resource records: Data elements that define the basic structure and content of the DNS.

DNS Server Caching

DNS name servers provide a hostname's IP address to users. The TTL field in the resource record defines the period for which DNS query results are cached. When the TTL value expires, the name server sends a fresh DNS query and updates the cache.
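The caching behaviour described above, as an added Python model that is not Junos code: a caching name server keeps each answer for the TTL carried in the resource record, hands out the remaining TTL while the entry is fresh, and sends a fresh upstream query once the TTL has run out. The ZONE data, the FakeClock and the authoritative() callable are constructed for the example so it runs offline.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# Constructed example: a minimal caching name server that honours the TTL
# of each resource record. The upstream lookup is injected as a callable so
# the expiry logic can be exercised offline with a fake clock.


@dataclass
class CachedRecord:
    rdata: str          # record data, e.g. the IPv4 address of an A record
    ttl: int            # TTL as returned in the authoritative answer
    fetched_at: float   # clock reading when the answer entered the cache

    def remaining_ttl(self, now: float) -> int:
        # A caching server returns the decremented TTL, never the original one
        return max(0, int(self.ttl - (now - self.fetched_at)))


class CachingNameServer:
    def __init__(self, upstream: Callable[[str, str], Tuple[str, int]],
                 clock: Callable[[], float] = time.monotonic):
        self.upstream = upstream
        self.clock = clock
        self.cache: Dict[Tuple[str, str], CachedRecord] = {}
        self.upstream_queries = 0   # how often the cache had to go upstream

    def resolve(self, name: str, rtype: str = "A") -> Tuple[str, int]:
        """Answer from cache while the TTL is valid, otherwise re-query."""
        key = (name.lower().rstrip("."), rtype)
        now = self.clock()
        rec = self.cache.get(key)
        if rec is not None and rec.remaining_ttl(now) > 0:
            return rec.rdata, rec.remaining_ttl(now)
        # Expired or never cached: send a fresh query and refresh the entry
        rdata, ttl = self.upstream(key[0], rtype)
        self.upstream_queries += 1
        self.cache[key] = CachedRecord(rdata, ttl, now)
        return rdata, ttl


class FakeClock:
    """Controllable clock so TTL expiry can be simulated without sleeping."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


# Constructed zone data standing in for the authoritative server: (rdata, ttl)
ZONE = {("device.example.net", "A"): ("192.168.187.1", 300)}


def authoritative(name: str, rtype: str) -> Tuple[str, int]:
    return ZONE[(name, rtype)]


def run_scenario():
    """Three queries: a cache miss, a cache hit, and a miss after TTL expiry."""
    clock = FakeClock()
    ns = CachingNameServer(authoritative, clock)
    first = ns.resolve("device.example.net")    # miss: upstream query, TTL 300
    clock.advance(120)
    second = ns.resolve("device.example.net")   # hit: 180 s of TTL remain
    clock.advance(200)                          # clock now at 320 s, past the TTL
    third = ns.resolve("device.example.net")    # expired: fresh upstream query
    return first, second, third, ns.upstream_queries


if __name__ == "__main__":
    print(run_scenario())
```

The decremented TTL on the cache hit is the detail worth noticing: a client that caches the answer it receives from a caching server inherits only the lifetime that remains, so the record disappears from both caches at the same time.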

Configure a DNS Name Server for Resolving Hostnames into Addresses

You use Domain Name System (DNS) name servers to resolve hostnames to IP addresses.

Before you begin, configure your name servers with the hostname and an IP address for your Juniper Networks device. It does not matter which IP address you assign as the address of your device in the name server, as long as it is an address that reaches your device. Normally, you would use the management interface IP address, but you can choose the loopback interface IP address or a network interface IP address. You can even configure multiple addresses on the name server.

Configure your Juniper Networks device to use one or more name servers. For redundancy, as a best practice, configure access to multiple name servers, up to a maximum of three servers. The system uses only the first three configured name servers even if you configure additional servers. The approach is similar to the way Web browsers resolve the name of a website to its network address.

You can use Junos OS to configure one or more domain names. The software uses these domain names to resolve hostnames that are not fully qualified (that is, hostnames for which the domain names are missing). Being able to configure domain names is convenient because you can use a hostname in configuring and operating the software without the need to reference the full domain name. After adding name server addresses and domain names to your configuration, you can use DNS resolvable hostnames in your configurations and commands instead of IP addresses.

You can route traffic between a management routing instance and a DNS name server. After you configure a routing instance at the [edit system name-server server-ip-address] hierarchy level, the name server becomes reachable through this routing instance.

Note:

This management routing instance option is not supported for SRX Series Firewalls.

To enable a management routing instance for DNS, use the following configuration:

user@host# set system management-instance
user@host# set routing-instances mgmt_junos description description
user@host# set system name-server server-ip-address routing-instance mgmt_junos

Optionally, instead of configuring the name server at the [edit system] hierarchy level, you can use a configuration group, as shown in this procedure. This is a recommended best practice for configuring the name server.

To configure the device to resolve hostnames into addresses:

  1. Reference the IP addresses of your name servers.
    [edit groups group-name system]
    name-server {
        address;
    }
    

    The following example shows how to reference two name servers:

    [edit groups global system]
    user@host# set name-server 192.168.1.253
    user@host# set name-server 192.168.1.254
    user@host# show
    name-server {
        192.168.1.253;
        192.168.1.254;
    }
    
  2. (Optional) Configure the routing instance for DNS.

    The following example shows how to configure the routing instance for one of the name servers:

    [edit groups global system]
    user@host# set name-server 192.168.1.253 routing-instance mgmt_junos
    

    Remember to also configure the following:

    • management-instance statement at the [edit system] hierarchy level

    • routing-instance statement at the [edit routing-instances] hierarchy level

  3. (Optional) Configure the name of the domain in which the device itself is located.

    This is a good practice. The software then uses this configured domain name as the default domain name to append to hostnames that are not fully qualified.

    [edit system]
    domain-name domain-name;
    

    The following example shows how to configure the domain name:

    [edit groups global system]
    user@host# set domain-name company.net
    user@host# show
    domain-name company.net;
    
  4. (Optional) Configure a list of domains to be searched.

    If your device can reach several different domains, you can configure a list of domains to be searched. Junos OS then uses this list to set an order in which it appends domain names when searching for the IP address of a host.

    [edit groups global system]
    domain-search [ domain-list ];
    

    The domain list can contain up to six domain names, with a total of up to 256 characters.

    The following example shows how to configure three domains to be searched. This example configures the software to search the company.net domain, next the domainone.net domain, and finally the domainonealternate.com domain when attempting to resolve unqualified hosts.

    [edit groups global system]
    domain-search [ company.net domainone.net domainonealternate.com ];
    
  5. If you used a configuration group, apply the configuration group, replacing global with the appropriate group name.
    [edit]
    user@host# set apply-groups global
    
  6. Commit the configuration.
    user@host# commit
    
  7. Verify the configuration.

    If you've configured your name server with the hostname and an IP address for your device, you can issue the following commands to confirm that DNS is working and reachable. You can either use the configured hostname to confirm resolution to the IP address or use the IP address of your device to confirm resolution to the configured hostname.

    user@host> show host host-name
    user@host> show host host-ip-address

    For example:

    user@host> show host device.example.net
    device.example.net
    device.example.net has address 192.168.187.1

    user@host> show host 192.168.187.1
    10.187.168.192.in-addr.arpa domain name pointer device.example.net.
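The resolution rules the procedure above lays out, as an added Python model that is not Junos code: only the first three configured name servers are used, domain-name supplies the default suffix for an unqualified hostname, domain-search replaces it with an ordered list of at most six names totalling at most 256 characters, and the verification step's reverse lookup works on the in-addr.arpa name built from the reversed octets of the address. The ZONE data is constructed; the convention that a trailing dot marks a fully qualified name, the bare hostname being tried last, and raising ValueError for an over-limit domain-search list are assumptions of the example, since the page states the limits but not how a commit reacts to exceeding them.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

MAX_NAME_SERVERS = 3      # the system uses only the first three configured name servers
MAX_SEARCH_DOMAINS = 6    # domain-search holds at most six domain names ...
MAX_SEARCH_CHARS = 256    # ... totalling at most 256 characters


def effective_name_servers(configured: List[str]) -> List[str]:
    """Return the name servers the system will actually query (the first three)."""
    for addr in configured:
        ipaddress.ip_address(addr)      # reject anything that is not an IP address
    return configured[:MAX_NAME_SERVERS]


def check_domain_search(domains: List[str]) -> List[str]:
    """Enforce the documented domain-search limits (rejection is this example's choice)."""
    if len(domains) > MAX_SEARCH_DOMAINS:
        raise ValueError("domain-search: more than %d domains" % MAX_SEARCH_DOMAINS)
    total = sum(len(d) for d in domains)
    if total > MAX_SEARCH_CHARS:
        raise ValueError("domain-search: %d characters exceed %d" % (total, MAX_SEARCH_CHARS))
    return [d.rstrip(".").lower() for d in domains]


def candidate_names(hostname: str, domain_name: Optional[str],
                    domain_search: List[str]) -> List[str]:
    """Order in which suffixes are appended to an unqualified hostname.

    Assumptions: a trailing dot marks a fully qualified name (resolver convention);
    domain-search, when configured, takes precedence over the single domain-name;
    the bare hostname is tried last.
    """
    host = hostname.lower()
    if host.endswith("."):
        return [host.rstrip(".")]
    if domain_search:
        suffixes = check_domain_search(domain_search)
    elif domain_name:
        suffixes = [domain_name.rstrip(".").lower()]
    else:
        suffixes = []
    return ["%s.%s" % (host, s) for s in suffixes] + [host]


def lookup(hostname: str, zone: Dict[str, str], domain_name: Optional[str],
           domain_search: List[str]) -> Tuple[Optional[str], Optional[str], List[str]]:
    """Forward lookup: walk the candidates in order, return (fqdn, address, names tried)."""
    tried: List[str] = []
    for fqdn in candidate_names(hostname, domain_name, domain_search):
        tried.append(fqdn)
        if fqdn in zone:
            return fqdn, zone[fqdn], tried
    return None, None, tried


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa name that a PTR query for an IPv4 address uses."""
    addr = ipaddress.IPv4Address(ip)            # raises ValueError on malformed input
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


# Constructed forward zone standing in for the name servers' data
ZONE = {
    "device.company.net": "192.168.187.1",
    "www.domainone.net": "192.0.2.10",
}
DOMAIN_NAME = "company.net"
DOMAIN_SEARCH = ["company.net", "domainone.net", "domainonealternate.com"]


if __name__ == "__main__":
    print(effective_name_servers(["192.168.1.253", "192.168.1.254", "10.0.0.1", "10.0.0.2"]))
    print(lookup("www", ZONE, DOMAIN_NAME, DOMAIN_SEARCH))
    print(lookup("device", ZONE, DOMAIN_NAME, DOMAIN_SEARCH))
    print(reverse_name("192.168.187.1"))
```

Running it with the constructed zone shows why the order of the domain-search list matters: "www" is first tried as www.company.net, misses, and only then resolves as www.domainone.net, while "device" resolves on the first candidate. A fourth name server in the list is silently ignored, which is worth checking for when a configuration seems to have more redundancy than it really does.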