{"id":724,"date":"2016-05-21T10:48:23","date_gmt":"2016-05-21T02:48:23","guid":{"rendered":"https:\/\/networkingnotesblog.wordpress.com\/?p=724"},"modified":"2016-05-21T10:48:23","modified_gmt":"2016-05-21T02:48:23","slug":"using-dynamic-dns-at-srx-with-non-dyndns-service-provider","status":"publish","type":"post","link":"http:\/\/notes4it.com\/?p=724","title":{"rendered":"Using dynamic DNS at SRX with non DYNDNS service provider"},"content":{"rendered":"

When placing a network equipment without a static IP address, the best way to remote access to the device is by using the dynamic DNS service. Juniper has import this feature into their network security products such as Netscreen ScreenOS and JunOS SRX.
\nI recently has replaced my SSG with the SRX, and am having trouble updating the DDNS record with the built-in DDNS feature. What happen is SRX only offer 2 options of “dyndns.org or ddo.jp”, any service other than these 2 are out of questions. Since I am using HE.net for DDNS, that does not do my any good.
\n 
\n\"20160521-DDNS-SRX_DDNS_server\"<\/a>
\nSo my work around is: to map the dyndns domain name to a HE.net dns server IP address with the following command. The command below is to bind the members.dyndns.org (the dyndns.org DDNS service domain name) to the IP address of 184.105.242.3 (the DDNS service domain name).
\n 
\nset system static-host-mapping members.dyndns.org inet 184.105.242.3
\n\"20160521-DDNS-ping_updated_ip\"<\/a>
\n 
\n 
\nResult: The last response = nochg. It means the ddns is updated to the DDNS service and the IP address remain unchange. So this is a positive result in our case.
\n\"20160521-DDNS_show_ddns_result\"<\/a>
\nReaders might have a question of ” hey, the result is showing member.dyndns.org, how do i know this service is updated to he.net DDNS server?”
\nBy pinging the member.dyndns.org, we know the IP address of this domain name is 204.13.248.111. This result is captured before applying the static IP address mapping.
\n\"20160521-DDNS-dyndns_IP\"<\/a>
\n 
\n <\/p>\n

\n

Troubles went through before getting this work.
\n1st failed attempt:
\nBefore coming up with the domain name\u00a0 to IP static mapping solution. I was thinking of using a plain old mapping at \/etc\/hosts. It seems to be working fine when I add the mapping at the hosts file below.
\n\"20160521-DDNS-etchost\"<\/a>
\nBut once I apply a new configuration at the SRX, the DDNS service does not able to update, because the last response shown as “badauth”. So I do the ping and dump, and found that the member.dyndns.org has changed back to the original IP address, and the static mapping at hosts file was gone.
\n\"20160521-DDNS-show_DDNS_bad_result\"<\/a>\"20160521-DDNS-dyndns_IP\"<\/a>
\n 
\n 
\n 
\n 
\nTCPDUMP when using static map at \/etc\/hosts file:
\n\"20160521-DDNS-tcpdump_before\"<\/a>
\nTCPDUMP after apply static map at configuration file:
\n\"20160521-DDNS-tcpdump_after\"<\/a>
\n2nd failed attempt:
\nSince mapping the “members.dyndns.org” to “HE.net IP address” could be a solution, but IP binding record will change from time to time, and it might become non-functionable if HE.net has updated or change their dyn.dns.he.net IP record. I have decided to map an alias of “members.dyndns.org” to “dyn.dns.he.net” to overcome this issue.\u00a0 But the out come mapping alias does not work as expected. After mapping the alias, the “member.dyndns.org” did not associated to the “dyn.dns.he.net” IP address as planned. So I have abandon this case.
\nset system static-host-mapping members.dyndns.org alias dyn.dns.he.net
\nawong@SRX-Gateway# run ping members.dyndns.org
\nPING members.dyndns.org (204.13.248.111): 56 data bytes
\n64 bytes from 204.13.248.111: icmp_seq=0 ttl=49 time=234.277 ms
\n64 bytes from 204.13.248.111: icmp_seq=1 ttl=49 time=230.672 ms<\/p>\n

\n

Conclusion:
\nAlthough the Juniper SRX device does not provide other Dyndns service provider options nor allow custom DDNS setting, the work around of mapping the member.dyndns.org to the third party DDNS provider could be an option too. This work around has a major issue of not able to update the DDNS record if third party DDNS provider updates their DDNS service IP address binding. Therefore a frequents manual IP address check is required by the user who use this approach.<\/p>\n","protected":false},"excerpt":{"rendered":"

When placing a network equipment without a static IP address, the best way to remote access to the device is by using the dynamic DNS service. Juniper has import this feature into their network security products such as Netscreen ScreenOS and JunOS SRX. I recently has replaced my SSG with the SRX, and am having […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[34,42,60,79,90,169,173],"class_list":["post-724","post","type-post","status-publish","format-standard","hentry","category-networking","tag-ddns-en","tag-dynamic-dns-en","tag-he-net-en","tag-ip-binding-en","tag-juniper-en","tag-srx-en","tag-static-host-mapping-en"],"_links":{"self":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts\/724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=724"}],"version-history":[{"count":0,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts\/724\/revisions"}],"wp:attachment":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=724"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}