When deploying network equipment without a static IP address, the best way to access the device remotely is to use a dynamic DNS (DDNS) service. Juniper has included this feature in its network security products, such as NetScreen ScreenOS and Junos SRX.
I recently replaced my SSG with an SRX, and I am having trouble updating the DDNS record with the built-in DDNS feature. What happens is that the SRX only offers two options, “dyndns.org” or “ddo.jp”; any service other than these two is out of the question. Since I am using HE.net for DDNS, that does not do me any good.
So my workaround is to map the dyndns domain name to a HE.net DNS server IP address with the following command. The command below binds members.dyndns.org (the dyndns.org DDNS service domain name) to the IP address 22.214.171.124 (the DDNS service domain name).
set system static-host-mapping members.dyndns.org inet 126.96.36.199
Result: the last response = nochg. This means the update reached the DDNS service and the IP address remains unchanged, so this is a positive result in our case.
Readers might ask: “Hey, the result is showing members.dyndns.org, how do I know this service is updated to the he.net DDNS server?”
By pinging members.dyndns.org, we know the IP address of this domain name is 188.8.131.52. This result was captured before applying the static IP address mapping.
Troubles I went through before getting this to work.
1st failed attempt:
Before coming up with the domain-name-to-IP static mapping solution, I was thinking of using a plain old mapping in /etc/hosts. It seemed to work fine when I added the mapping to the hosts file below.
But once I applied a new configuration on the SRX, the DDNS service was not able to update, because the last response was shown as “badauth”. So I did a ping and a dump, and found that members.dyndns.org had changed back to the original IP address, and the static mapping in the hosts file was gone.
2nd failed attempt:
Mapping “members.dyndns.org” to the HE.net IP address could be a solution, but the IP binding will change from time to time, and it might stop working if HE.net updates or changes their dyn.dns.he.net IP record. So I decided to map an alias of “members.dyndns.org” to “dyn.dns.he.net” to overcome this issue. But the resulting alias mapping did not work as expected. After mapping the alias, “members.dyndns.org” was not associated with the “dyn.dns.he.net” IP address as planned. So I abandoned this approach.
set system static-host-mapping members.dyndns.org alias dyn.dns.he.net
awong@SRX-Gateway# run ping members.dyndns.org
PING members.dyndns.org (184.108.40.206): 56 data bytes
64 bytes from 220.127.116.11: icmp_seq=0 ttl=49 time=234.277 ms
64 bytes from 18.104.22.168: icmp_seq=1 ttl=49 time=230.672 ms
Although the Juniper SRX does not provide other DDNS service provider options or allow custom DDNS settings, the workaround of mapping members.dyndns.org to the third-party DDNS provider can be an option. This workaround has a major issue: the DDNS record can no longer be updated if the third-party DDNS provider changes its DDNS service IP address binding. Therefore, anyone who uses this approach needs to check the IP address manually and frequently.
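The manual IP address check described above can be scripted. The following is an added example, not part of the original post: it reads the pinned address from `display set` style configuration text and compares it with what dyn.dns.he.net currently resolves to. The function names and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import re
import socket

# Matches the pinning command from the post as it appears in "display set" output.
MAPPING_RE = re.compile(
    r"^set system static-host-mapping (?P<host>\S+) inet "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def pinned_addresses(config_text):
    """Return {hostname: pinned IPv4} for every static-host-mapping inet line."""
    pins = {}
    for line in config_text.splitlines():
        m = MAPPING_RE.match(line.strip())
        if m:
            pins[m.group("host")] = m.group("ip")
    return pins

def resolve_ipv4(name):
    """Current A records for name, as seen by the local resolver."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def check_drift(config_text, pinned_host, real_host, resolver=resolve_ipv4):
    """Compare the pin for pinned_host with what real_host resolves to now.

    Returns (status, pinned_ip, current_ips). status is "ok", "drift",
    "missing" (no inet pin in the config, e.g. only an alias line) or
    "unresolved" (the lookup failed or returned nothing).
    """
    pinned = pinned_addresses(config_text).get(pinned_host)
    if pinned is None:
        return ("missing", None, set())
    try:
        current = set(resolver(real_host))
    except OSError:  # socket.gaierror is a subclass of OSError
        return ("unresolved", pinned, set())
    if not current:
        return ("unresolved", pinned, set())
    return ("ok" if pinned in current else "drift", pinned, current)

if __name__ == "__main__":
    # Constructed sample config; 192.0.2.10 is a documentation address, not HE.net's.
    sample = "set system static-host-mapping members.dyndns.org inet 192.0.2.10\n"
    print(check_drift(sample, "members.dyndns.org", "dyn.dns.he.net"))
```

Run it from a host that uses a normal resolver rather than from behind the pinned mapping, and treat a "drift" result as the cue to update the static-host-mapping line on the SRX.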