The security device incorporates Domain Name System (DNS) support, allowing you to use domain names for identifying locations. DNS translation supports the following services:
Note: The server IP addresses for each service above must also accept domain names.
A Domain Name System (DNS) server keeps a table of the IP addresses associated with domain names. Using DNS makes it possible to reference locations by domain name (such as www.juniper.net) instead of by the routable IP address, which is 207.17.137.68 for www.juniper.net.
Before you can use DNS names with the services described above, you must configure DNS servers.
Enter the necessary information:
Host Name: Enter the name of the security device. The default name is based on the model of the device, for example ns208 or ns500.
Domain Name: Enter the domain name. You must fill this in if you want Domain Name System (DNS) name/address resolution to work.
Primary DNS Server: Enter the IP address of your primary DNS server. Select the Src Interface (source interface) for the primary DNS server to enable DNS lookup for SCEP.
Secondary DNS Server: Enter the IP address of your secondary DNS server. Select the Src Interface for the secondary DNS server to enable DNS lookup for SCEP.
Tertiary DNS Server: Enter the IP address of your tertiary DNS server. Select the Src Interface for the tertiary DNS server to enable DNS lookup for SCEP.
DNS refresh every day at: Allows you to specify a daily time (in 24-hour format) or an interval at which the security device re-resolves its DNS entries.
Clicking the Refresh button forces the security device to do a DNS lookup. For more information on the functions of the Refresh button, see "DNS Lookup".
Click Apply to save your configuration.
The security device lookup is subject to several conditions:
The DNS lookup is performed as soon as you click Apply or OK on a page that supports the DNS service.
When a DNS lookup returns multiple entries, the address book accepts all of them. The other services mentioned in the "Domain Name System Support" section accept only the first entry.
When you refresh a lookup using the Refresh button, the security device reinstalls all policies if it finds that anything in the domain name table has changed.
The security device must do a new lookup once a day (this can be automated with the DNS refresh every day at option and the Interval <4, 8, 12, 24> Hours option).
If the DNS server fails, the security device looks up everything again.
If a lookup fails, the security device removes the entry from the cache table.
If the domain name lookup fails when adding an address to the address book, or when using a hostname (or hostname + domain name) to define the address of a remote VPN gateway, the security device displays an error message and prompts you to choose whether to continue adding the entry to the address book.
To view a report of the DNS lookup, click Show DNS Table. The report lists all the domain names that were searched for:
Name: Indicates the domain name that was searched.
IP Address: Indicates the IP addresses of the domain.
Status: Indicates if the lookup was successful or if it failed.
Last Lookup: Indicates the date and time of the last DNS lookup.
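The lookup conditions listed above and the columns of the DNS table report can be modelled in a few dozen lines, which makes it easier to reason about when the cache changes and when policies get reinstalled. The following Python is an added illustration written for this page, not Juniper or ScreenOS code; the resolver is injected so the example runs offline on constructed answers (the names and addresses below are made up, and keeping a failed name in the report with empty addresses is a modelling assumption about how the device shows it).

```python
"""Model of the security device's DNS lookup table behaviour.

Added illustration, not Juniper/ScreenOS code. The resolver is injected so
the example runs offline with constructed answers; on a real host you could
pass a function wrapping socket.getaddrinfo instead.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional

# Resolver signature: name -> list of IPv4 strings, or None when the lookup fails
Resolver = Callable[[str], Optional[List[str]]]


@dataclass
class DnsEntry:
    """One row of the Show DNS Table report: Name, IP Address, Status, Last Lookup."""
    name: str
    ip_addresses: List[str] = field(default_factory=list)
    status: str = "pending"          # "success" or "failed"
    last_lookup: Optional[datetime] = None


class DnsTable:
    """Cache of resolved domain names, refreshed on Apply/OK or on schedule."""

    def __init__(self, resolver: Resolver):
        self._resolver = resolver
        self._entries: Dict[str, DnsEntry] = {}

    def lookup(self, name: str, now: datetime) -> DnsEntry:
        """Resolve one name and record the result (what happens on Apply or OK)."""
        answers = self._resolver(name)
        entry = self._entries.setdefault(name, DnsEntry(name))
        entry.last_lookup = now
        if answers:
            entry.ip_addresses = list(answers)
            entry.status = "success"
        else:
            # A failed lookup removes the cached addresses; the name stays in the
            # report with status "failed" (modelling assumption for the report).
            entry.ip_addresses = []
            entry.status = "failed"
        return entry

    def addresses_for(self, name: str, service: str) -> List[str]:
        """The address book uses every returned address; other services only the first."""
        entry = self._entries.get(name)
        if entry is None or entry.status != "success":
            return []
        if service == "address_book":
            return list(entry.ip_addresses)
        return entry.ip_addresses[:1]

    def refresh(self, now: datetime) -> bool:
        """Re-resolve every cached name (Refresh button or the daily schedule).

        Returns True when any entry changed, which is the condition under which
        the device reinstalls all policies.
        """
        changed = False
        for name in list(self._entries):
            before = list(self._entries[name].ip_addresses)
            after = self.lookup(name, now).ip_addresses
            if before != after:
                changed = True
        return changed

    def report(self) -> List[DnsEntry]:
        """Rows of the Show DNS Table report, sorted by name."""
        return sorted(self._entries.values(), key=lambda e: e.name)


# Constructed sample answers (documentation addresses), not real resolver output.
SAMPLE_ANSWERS: Dict[str, List[str]] = {
    "www.example.com": ["203.0.113.10", "203.0.113.11"],
    "vpn.example.com": ["198.51.100.5"],
}


def demo() -> dict:
    """Walk through the listed behaviours and return what each one produced."""
    answers = dict(SAMPLE_ANSWERS)            # private copy so demo() is repeatable
    table = DnsTable(lambda n: answers.get(n))
    t0 = datetime(2024, 1, 1, 6, 0, tzinfo=timezone.utc)
    table.lookup("www.example.com", t0)
    table.lookup("vpn.example.com", t0)
    table.lookup("missing.example.com", t0)   # constructed name that never resolves

    result = {
        "address_book": table.addresses_for("www.example.com", "address_book"),
        "vpn_gateway": table.addresses_for("www.example.com", "vpn"),
        "failed_entry": table.addresses_for("missing.example.com", "address_book"),
        "unchanged_refresh": table.refresh(t0.replace(hour=7)),
    }
    # The authoritative answer changes: the next refresh must report a change,
    # which is when the device reinstalls all policies.
    answers["vpn.example.com"] = ["198.51.100.6"]
    result["changed_refresh"] = table.refresh(t0.replace(hour=8))
    result["statuses"] = {e.name: e.status for e in table.report()}
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the file prints each observed behaviour; `refresh()` returning `True` is the point worth watching in practice, since a changed answer silently rewrites every policy that references that name, so a defender should keep the DNS servers configured here trustworthy and review the Show DNS Table report after unexpected policy reinstalls.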