JunOS : Configure DNS forwarders on SRX device

By | July 22, 2019

If you want your SRX firewall to handle DNS requests on your network, you need to configure the forwarders to make this possible, in addition to a few other parameters.

First, make sure you have no local forwarders set on the device itself as it cannot be used along with the dns-proxy service – if you have any configured, they should be all removed :

Then, follow the step-by-step procedure below :

1. Configure the DNS proxy setting on the desired interface(s) where it should listen for DNS requests :

2. Configure the DNS resolver(s) where the requests will be resolved from (aka your ISPs or any public DNS service) :

3. Allow DNS traffic on the security zone :

4. Apply the configuration (use “commit synchronize” if you are running HA) :

Here is a sample of how it would look like :