Using dynamic DNS on the SRX with a non-DynDNS service provider

When a piece of network equipment is deployed without a static IP address, the best way to reach it remotely is through a dynamic DNS service. Juniper has built this feature into its network security products, such as NetScreen ScreenOS and Junos SRX.

I recently replaced my SSG with the SRX, and am having trouble updating the DDNS record with the built-in DDNS feature. What happens is that the SRX only offers 2 options, “dyndns.org” or “ddo.jp”; any service other than these 2 is out of the question. Since I am using HE.net for DDNS, that does not do me any good.

 

20160521-DDNS-SRX_DDNS_server

So my workaround is to map the dyndns domain name to a HE.net DNS server IP address with the following command. It binds members.dyndns.org (the dyndns.org DDNS service domain name) to the IP address 184.105.242.3 (the HE.net DDNS service address).

 

set system static-host-mapping members.dyndns.org inet 184.105.242.3

20160521-DDNS-ping_updated_ip

 

 

Result: the last response is nochg. This means the update reached the DDNS service and the IP address remains unchanged, so this is a positive result in our case.

20160521-DDNS_show_ddns_result

Readers might ask: “Hey, the result is showing members.dyndns.org, so how do I know the update went to the he.net DDNS server?”

Pinging members.dyndns.org shows that the IP address of this domain name is 204.13.248.111. That result was captured before applying the static IP address mapping.

20160521-DDNS-dyndns_IP

 

 


Troubles I went through before getting this to work.

1st failed attempt:

Before coming up with the domain-name-to-IP static mapping solution, I was thinking of using a plain old mapping in /etc/hosts. It seemed to be working fine when I added the mapping to the hosts file below.

20160521-DDNS-etchost

But once I applied a new configuration on the SRX, the DDNS service was not able to update, because the last response was shown as “badauth”. So I did the ping and dump, and found that members.dyndns.org had changed back to the original IP address, and the static mapping in the hosts file was gone.

20160521-DDNS-show_DDNS_bad_result

20160521-DDNS-dyndns_IP

TCPDUMP when using the static map in the /etc/hosts file:
20160521-DDNS-tcpdump_before

TCPDUMP after applying the static map in the configuration file:
20160521-DDNS-tcpdump_after

2nd failed attempt:

Mapping “members.dyndns.org” to the HE.net IP address could be a solution, but the IP binding record will change from time to time, and it might become non-functional if HE.net updates or changes their dyn.dns.he.net IP record. I decided to map an alias of “members.dyndns.org” to “dyn.dns.he.net” to overcome this issue. But the alias mapping did not work as expected. After mapping the alias, “members.dyndns.org” was not associated with the “dyn.dns.he.net” IP address as planned. So I abandoned this approach.

set system static-host-mapping members.dyndns.org alias dyn.dns.he.net

awong@SRX-Gateway# run ping members.dyndns.org
PING members.dyndns.org (204.13.248.111): 56 data bytes
64 bytes from 204.13.248.111: icmp_seq=0 ttl=49 time=234.277 ms
64 bytes from 204.13.248.111: icmp_seq=1 ttl=49 time=230.672 ms


Conclusion:

Although the Juniper SRX does not offer other DDNS service providers or allow a custom DDNS setting, the workaround of mapping members.dyndns.org to a third-party DDNS provider can be an option. The workaround has one major issue: DDNS updates stop working if the third-party provider changes the IP address bound to its DDNS service. Anyone using this approach therefore needs to check that IP address manually and frequently.
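The manual check the conclusion asks for can be scripted on an admin host: compare the address pinned in the SRX configuration with what dyn.dns.he.net resolves to now. This is an added example, not part of the original post; it assumes the configuration is available as `show configuration | display set` text, and the function names and sample configuration are constructed for illustration.

```python
import ipaddress
import re
import socket

PINNED_NAME = "members.dyndns.org"   # name the SRX DDNS client contacts (from the post)
PROVIDER_NAME = "dyn.dns.he.net"     # HE.net DDNS hostname (from the post)
MAPPING_RE = re.compile(r"^set system static-host-mapping (\S+) inet (\S+)$")

# Constructed sample of `show configuration | display set` output.
SAMPLE_CONFIG = """\
set system host-name SRX-Gateway
set system static-host-mapping members.dyndns.org inet 184.105.242.3
"""

def pinned_addresses(config_text, name=PINNED_NAME):
    """Return the IPv4 addresses pinned for `name` in display-set output."""
    found = set()
    for line in config_text.splitlines():
        m = MAPPING_RE.match(line.strip())
        if m and m.group(1) == name:
            # IPv4Address raises ValueError on a malformed address
            found.add(str(ipaddress.IPv4Address(m.group(2))))
    return found

def resolve_ipv4(hostname):
    """Current IPv4 addresses for hostname, via the system resolver."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def check_mapping(config_text, resolver=resolve_ipv4):
    """Return (status, commands); status is 'ok', 'stale' or 'missing'."""
    pinned = pinned_addresses(config_text)
    live = resolver(PROVIDER_NAME)
    if not live:
        raise RuntimeError(f"{PROVIDER_NAME} returned no IPv4 address")
    if pinned and pinned <= live:
        return "ok", []
    commands = []
    if pinned:  # drop the stale pin before setting the new one
        commands.append(f"delete system static-host-mapping {PINNED_NAME}")
    commands.append(f"set system static-host-mapping {PINNED_NAME} inet {sorted(live)[0]}")
    return ("stale" if pinned else "missing"), commands

if __name__ == "__main__":
    try:
        print(check_mapping(SAMPLE_CONFIG))
    except OSError as exc:  # no network or resolver failure
        print(f"lookup failed: {exc}")
```

A `stale` result means the SRX is still sending its DDNS update, credentials included, to an address the provider no longer publishes, so the pin should be corrected before the next update runs.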
