Which feature would you configure on the SRX Series device to solve this issue?

Exhibit:

Host A shown in the exhibit is attempting to reach the Web1 webserver, but the connection is failing. Troubleshooting reveals that when Host A attempts to resolve the domain name of the server (web.acme.com), the request is resolved to the private address of the server rather than its public IP.

Which feature would you configure on the SRX Series device to solve this issue?

A. Persistent NAT

B. Double NAT

C. DNS doctoring

D. STUN protocol

Answer: C

Explanation:

DNS doctoring modifies DNS responses for hosts behind NAT devices, allowing them to receive the correct public IP address for internal resources when queried from the public network. This prevents issues where private IPs are returned and are not reachable externally. For details, visit Juniper DNS Doctoring Documentation.

In this scenario, Host A is trying to resolve the domain name web.acme.com, but the DNS resolution returns the private IP address of the web server instead of its public IP. This is a common issue in networks where private addresses are used internally, but public addresses are required for external clients.

Explanation of Answer C (DNS Doctoring):

DNS doctoring is a feature that modifies DNS replies as they pass through the SRX device. In this case, DNS doctoring can be used to replace the private IP address returned in the DNS response with the correct public IP address for Host A. This allows external clients to reach internal resources without being aware of their private IP addresses.

Configuration Example:

bash

set security nat dns-doctoring from-zone untrust to-zone trust

Juniper Security

Reference: DNS Doctoring Overview: DNS doctoring is used to modify DNS responses so that external clients can

access internal resources using public IP addresses.

Reference: Juniper DNS Doctoring Documentation.

Latest JN0-637 Dumps Valid Version with 115 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments