DDNS at ScreenOS

Dynamic Domain Name Service (DDNS) is nothing new from the last decade. It associates a domain name with an IP address that changes over time. Users can reach the resources behind a CPE with a dynamically assigned IP address by using an easily memorized domain name instead.
In this post, I'll go through the procedure for setting up DDNS on ScreenOS in the GUI, using the NO-IP DDNS service with SSL enabled. One of ScreenOS’ beauties is the GUI management.

  1.  Go to: “Network” -> “DNS” -> “DDNS”
  2.  Check “Config DDNS Client” and “Enable DDNS Client” and click “Apply”
  3.  Click the “New” button to set up a DDNS service.
  4.  Fill in the fields as follows:
    1. For server type: “dyndns”
    2. Server name: “dynupdate.no-ip.com”
    3. Refresh Interval: “3”
    4. Minimum Update Interval: “60”
    5. Clear text: “uncheck” (unchecking this option makes the DDNS update go over HTTPS)
    6. Username and Password: (input the one you have registered with at the NO-IP web site.)
    7. Agent: (we can let ScreenOS fill this in itself)
    8. Bind to Interface: (select the WAN interface that is connecting to the internet.)
    9. Host Name: (host name is the DDNS name you have registered at NO-IP web site.)
    10. Service: “dyndns”
  5.  Click “OK” when finished.
  6.  At this point, it should not work and will show an error, because the GeoTrust cert needs to be installed.
  7.  The official Juniper web site has a guide that describes the procedure for installing the GeoTrust cert. Ref: http://kb.juniper.net/InfoCenter/index?page=content&id=KB7380
    1. Download the cert: http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority_DER.cer
    2. Install the cert in the GUI:
      1. Go to “Object” -> “Certificates”
      2. Click “Browse” to select the .cer file and click “Load”
    3. Once it is done, the cert should appear on your Cert page.
  8.  Now the DDNS update via HTTPS should succeed, with a “Last-response” of “Good” on the “Network” -> “DNS” -> “DDNS” page.

To verify the association between the DDNS name and the dynamic IP address, log back into the NO-IP website; the DDNS host name should show a record with the WAN IP address of the firewall.
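
What the “Clear text” checkbox and the “Last-response” field in the steps above correspond to on the wire, as an added example that is not part of the original post and is not ScreenOS code. It assumes the dyndns2-style update request that No-IP documents for its update API (the post does not show the exact request ScreenOS sends); the host name, IP address, credentials and agent string used with it are constructed sample values.

```python
import base64
from urllib.parse import urlencode

# Reply codes documented for the No-IP / dyndns2 update API.
OK_CODES = {"good", "nochg"}            # record updated / already current
CONFIG_CODES = {"nohost", "badauth", "badagent", "!donator", "abuse"}

def build_update_request(host_name, wan_ip, username, password, agent,
                         server="dynupdate.no-ip.com"):
    """Return the HTTP request text a dyndns2 client sends for one update.

    Assumption: request layout follows the dyndns2 convention; the exact
    bytes ScreenOS emits are not shown on the page.
    """
    query = urlencode({"hostname": host_name, "myip": wan_ip})
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return (
        f"GET /nic/update?{query} HTTP/1.0\r\n"
        f"Host: {server}\r\n"
        f"Authorization: Basic {token}\r\n"
        f"User-Agent: {agent}\r\n\r\n"
    )

def cleartext_exposure(request_text):
    """Credentials readable from the request when it is NOT wrapped in TLS.

    Basic auth is only base64-encoded, which is why "Clear text" is
    unchecked in the procedure above.
    """
    for line in request_text.split("\r\n"):
        if line.lower().startswith("authorization: basic "):
            decoded = base64.b64decode(line.split()[-1]).decode()
            user, _, password = decoded.partition(":")
            return user, password
    return None

def classify_response(body):
    """Map the server's reply body to (status, ip_or_None)."""
    parts = body.strip().split()
    code = parts[0] if parts else ""
    if code in OK_CODES:
        return ("ok", parts[1] if len(parts) > 1 else None)
    if code in CONFIG_CODES:
        return ("fix-config", None)   # retrying without a change will not help
    if code == "911":
        return ("retry-later", None)  # server-side problem
    return ("unknown", None)
```

A “Last-response” of “Good” in the GUI corresponds to the `good` reply classified as `ok` here; a `fix-config` result means the username, password, agent or host name fields need correcting before the next update.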
