DNS Name Breakdown
For example, we can break down the DNS address "www.google.com." The following zones exist in this name. We will use a handy tool called nslookup to find the authoritative servers for each zone. Here is a link to a good web page on nslookup.
[.] Technically the "." at the end of 'www.google.com.' is the root of the DNS hierarchy. It is implied and is usually appended automatically, which is why it is not mandatory to enter a period after the URL.
[com] is the next zone; below are the authoritative servers. The authoritative name servers here would have a record for google.com.
[google] is the next zone; below are the authoritative servers. The authoritative name servers here would have a record for www.google.com.
[www] is the last zone (technically the last zone is an entity which we want an IP address for). Below, the first command looks up the authoritative name servers for the zone www.google.com. This command requests the IP address of www.google.com.
DNS Lookup Process
The lookup structure we went through above is called an 'iterative' lookup. In this type of lookup the first query is done at the root level and individual queries are done as you move up the hierarchy. This lookup is commonly done by DNS servers. The second type of lookup is 'recursive'. In this type of lookup a single query is made for 'www.google.com' and a downstream DNS server responds. This downstream DNS server may have the results cached or it may complete an iterative lookup to find the IP address.
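The two lookup types described above, as an added example that is not part of the original post: a small Python simulation that follows referrals from the root for 'www.google.com.' and a caching resolver that answers a client's single query. The server names and the 192.0.2.10 address are constructed placeholders, not real DNS data.

```python
# Constructed data: each server maps a zone to a referral (next server to ask)
# or a final answer. Server names and the 192.0.2.10 address (documentation
# range) are placeholders, not real DNS data.
SERVERS = {
    "root-ns": {"com.": ("referral", "com-ns")},
    "com-ns": {"google.com.": ("referral", "google-ns")},
    "google-ns": {"www.google.com.": ("answer", "192.0.2.10")},
}

def zones_of(name):
    """Return the zones in a name from the root down, e.g. '.', 'com.', ..."""
    labels = name.rstrip(".").split(".")  # the trailing root dot is implied
    return ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

def query(server, name):
    """One query to one server: use the most specific zone it has a record for."""
    for zone in reversed(zones_of(name)):
        if zone in SERVERS[server]:
            return SERVERS[server][zone]
    return ("nxdomain", None)

def iterative_lookup(name, max_hops=8):
    """Start at the root and follow referrals; return (address, servers asked)."""
    server, asked = "root-ns", []
    for _ in range(max_hops):  # bound the walk so a referral loop cannot hang us
        asked.append(server)
        kind, value = query(server, name)
        if kind != "referral":
            return value, asked  # an address, or None for nxdomain
        server = value
    return None, asked

class RecursiveResolver:
    """Takes a client's single query; answers from cache or by iterating."""
    def __init__(self):
        self.cache, self.upstream_queries = {}, 0

    def resolve(self, name):
        fqdn = zones_of(name)[-1]  # normalise 'www.google.com' to 'www.google.com.'
        if fqdn not in self.cache:
            address, asked = iterative_lookup(fqdn)
            self.upstream_queries += len(asked)
            self.cache[fqdn] = address
        return self.cache[fqdn]

if __name__ == "__main__":
    print(zones_of("www.google.com."))
    print(iterative_lookup("www.google.com."))
    r = RecursiveResolver()
    print(r.resolve("www.google.com"), r.resolve("www.google.com"), r.upstream_queries)
```

The second call to resolve() is served from the cache, so the upstream query count does not grow.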
Basic DNS Configuration
The diagram below outlines the basic lab topology used to work through this exercise. A Windows 2008 server represents an internal domain server which is authoritative for our domain 'testdns'.
The CLI output below demonstrates that the SRX successfully resolved the name 'nas'.
The CLI output and packet captures below demonstrate that the SRX successfully resolved the name 'www.google.com'.
This blog post reviewed DNS and basic configuration so that the SRX device could resolve host names. The use case where the SRX would resolve an address on behalf of a client (DNS Proxy) does not seem to be supported. The only information I could find is this knowledge base article [Does Junos Support DNS-Proxy?] outlining that the feature was removed for security reasons. I would like to know if this feature is going to be re-introduced. I can see many use cases where this feature could be used. Anyone have any information on this?