Using dynamic DNS at SRX with non DYNDNS service provider

When placing a network equipment without a static IP address, the best way to remote access to the device is by using the dynamic DNS service. Juniper has import this feature into their network security products such as Netscreen ScreenOS and JunOS SRX.

I recently has replaced my SSG with the SRX, and am having trouble updating the DDNS record with the built-in DDNS feature. What happen is SRX only offer 2 options of “ or”, any service other than these 2 are out of questions. Since I am using for DDNS, that does not do my any good.



So my work around is: to map the dyndns domain name to a dns server IP address with the following command. The command below is to bind the (the DDNS service domain name) to the IP address of (the DDNS service domain name).


set system static-host-mapping inet




Result: The last response = nochg. It means the ddns is updated to the DDNS service and the IP address remain unchange. So this is a positive result in our case.


Readers might have a question of ” hey, the result is showing, how do i know this service is updated to DDNS server?”

By pinging the, we know the IP address of this domain name is This result is captured before applying the static IP address mapping.




Troubles went through before getting this work.

1st failed attempt:

Before coming up with the domain name  to IP static mapping solution. I was thinking of using a plain old mapping at /etc/hosts. It seems to be working fine when I add the mapping at the hosts file below.


But once I apply a new configuration at the SRX, the DDNS service does not able to update, because the last response shown as “badauth”. So I do the ping and dump, and found that the has changed back to the original IP address, and the static mapping at hosts file was gone.






TCPDUMP when using static map at /etc/hosts file:

TCPDUMP after apply static map at configuration file:

2nd failed attempt:

Since mapping the “” to “ IP address” could be a solution, but IP binding record will change from time to time, and it might become non-functionable if has updated or change their IP record. I have decided to map an alias of “” to “” to overcome this issue.  But the out come mapping alias does not work as expected. After mapping the alias, the “” did not associated to the “” IP address as planned. So I have abandon this case.

set system static-host-mapping alias

awong@SRX-Gateway# run ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=49 time=234.277 ms
64 bytes from icmp_seq=1 ttl=49 time=230.672 ms


Although the Juniper SRX device does not provide other Dyndns service provider options nor allow custom DDNS setting, the work around of mapping the to the third party DDNS provider could be an option too. This work around has a major issue of not able to update the DDNS record if third party DDNS provider updates their DDNS service IP address binding. Therefore a frequents manual IP address check is required by the user who use this approach.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s