Using dynamic DNS on an SRX with a non-DynDNS service provider

When a network device is deployed without a static IP address, the best way to reach it remotely is a dynamic DNS (DDNS) service. Juniper has built this feature into its network security products, such as NetScreen ScreenOS and Junos SRX.
I recently replaced my SSG with an SRX and had trouble updating the DDNS record with the built-in DDNS feature. The SRX offers only two options, “dyndns.org” or “ddo.jp”; any other service is out of the question. Since I use HE.net for DDNS, that does not do me any good.
 
[Screenshot: 20160521-DDNS-SRX_DDNS_server]
So my workaround is to map the dyndns domain name to a HE.net DNS server IP address with the following command. The command binds members.dyndns.org (the dyndns.org DDNS service domain name) to the IP address 184.105.242.3 (the HE.net DDNS server).
 
set system static-host-mapping members.dyndns.org inet 184.105.242.3
[Screenshot: 20160521-DDNS-ping_updated_ip]
 
 
Result: the last response is nochg. This means the update reached the DDNS service and the IP address remains unchanged, so it is a positive result in our case.
[Screenshot: 20160521-DDNS_show_ddns_result]
Readers might ask: “Hey, the result shows members.dyndns.org, so how do I know the update went to the HE.net DDNS server?”
By pinging members.dyndns.org, we know the IP address of this domain name is 204.13.248.111. This result was captured before applying the static IP address mapping.
[Screenshot: 20160521-DDNS-dyndns_IP]
 
 


Troubles I went through before getting this to work.
1st failed attempt:
Before coming up with the domain-name-to-IP static mapping solution, I thought of using a plain old mapping in /etc/hosts. It seemed to work fine when I added the mapping to the hosts file below.
[Screenshot: 20160521-DDNS-etchost]
But once I applied a new configuration on the SRX, the DDNS service was no longer able to update: the last response was shown as “badauth”. So I ran a ping and a dump, and found that members.dyndns.org had changed back to the original IP address and the static mapping in the hosts file was gone.
[Screenshot: 20160521-DDNS-show_DDNS_bad_result]
[Screenshot: 20160521-DDNS-dyndns_IP]
 
 
 
 
TCPDUMP when using the static map in the /etc/hosts file:
[Screenshot: 20160521-DDNS-tcpdump_before]
TCPDUMP after applying the static map in the configuration file:
[Screenshot: 20160521-DDNS-tcpdump_after]
2nd failed attempt:
Mapping “members.dyndns.org” to the HE.net IP address could be a solution, but the IP binding will change from time to time, and the workaround could stop functioning if HE.net updates or changes its dyn.dns.he.net IP record. To overcome this issue, I decided to map “members.dyndns.org” with the alias “dyn.dns.he.net”. But the alias mapping did not work as expected: after mapping the alias, “members.dyndns.org” was not associated with the “dyn.dns.he.net” IP address as planned. So I abandoned this approach.
set system static-host-mapping members.dyndns.org alias dyn.dns.he.net
awong@SRX-Gateway# run ping members.dyndns.org
PING members.dyndns.org (204.13.248.111): 56 data bytes
64 bytes from 204.13.248.111: icmp_seq=0 ttl=49 time=234.277 ms
64 bytes from 204.13.248.111: icmp_seq=1 ttl=49 time=230.672 ms


Conclusion:
Although the Juniper SRX does not offer other DDNS service providers or allow custom DDNS settings, the workaround of mapping members.dyndns.org to the third-party DDNS provider could be an option too. This workaround has one major issue: the DDNS record can no longer be updated if the third-party DDNS provider changes the IP address of its DDNS service. Therefore, anyone who uses this approach needs to check that IP address manually and frequently.
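
The manual check described in the conclusion can be scripted. The following Python script is an added example, not part of the original post: it reads the pinned address from a set-style configuration export (for example the output of `show configuration | display set`) and compares it with what dyn.dns.he.net resolves to now. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample config; the mapping line is the one from the post.
SAMPLE_CONFIG = """\
set system host-name SRX-Gateway
set system static-host-mapping members.dyndns.org inet 184.105.242.3
"""

MAPPING_RE = re.compile(
    r"^set system static-host-mapping (\S+) inet (\S+)\s*$", re.MULTILINE)


def pinned_ips(config_text, hostname):
    """Return the addresses statically mapped to hostname in the config."""
    return {ipaddress.ip_address(ip)
            for host, ip in MAPPING_RE.findall(config_text) if host == hostname}


def resolve_ipv4(name):
    """Return the A records name resolves to right now (needs network)."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def check_pin(config_text, pinned_host, current_ips):
    """Return (ok, commands); commands re-pin pinned_host when the pin is stale."""
    pinned = pinned_ips(config_text, pinned_host)
    current = {ipaddress.ip_address(str(ip)) for ip in current_ips}
    if pinned and pinned <= current:
        return True, []          # every pinned address is still served
    if not current:
        return False, []         # nothing resolved: report, suggest no change
    entry = f"system static-host-mapping {pinned_host}"
    cmds = [f"delete {entry}"] if pinned else []
    cmds.append(f"set {entry} inet {min(current)}")
    return False, cmds


if __name__ == "__main__":
    # dyn.dns.he.net is the HE.net DDNS host named in the post.
    ok, cmds = check_pin(SAMPLE_CONFIG, "members.dyndns.org",
                         resolve_ipv4("dyn.dns.he.net"))
    print("pin is current" if ok else "pin is STALE\n" + "\n".join(cmds))
```

Run from a scheduled job on a management host, a stale result flags the point at which DDNS updates would start going to an address HE.net no longer serves.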
