Problem and solution when the USG6000 DNS Client cannot perform dynamic domain name resolution

69

What if the firewall DNS Client cannot perform dynamic domain name resolution?
Symptom
The firewall serves as the DNS Client and has the dynamic domain name resolution function configured. However, it cannot obtain the correct IP address based on domain name resolution.

Operation steps
1. Run the display dns dynamic-host command to check whether the dynamic domain name cache information contains the specified domain name.

If no, check whether the communication between the DNS Client and DNS Server is normal, whether the DNS Server works properly, and whether the dynamic domain name resolution function has been enabled.
If yes, but the IP address is incorrect. Go to step 2.

2. Run the display dns server command to check the DNS Server configuration information. Check whether the DNS Server IP address configured on the DNS Client is correct.

If the DNS Server address is incorrect, run the undo dns server ip-address command to delete the configured DNS Server address and then run the dns server ip-address command to configure a correct DNS Server address.

Other related questions:
Problem and solution when the USG6000 virtual system cannot be configured
Check the permission of the administrator account used for login. If you use the root system administrator account to configure the virtual system, the level of the root system administrator shall be the system administrator. If you use the virtual system administrator account to configure the virtual system, the level of the virtual system administrator shall be the system administrator or the configuration administrator with the read and write permissions. Choose System > Admin > Administrator Role and configure the administrator account.

When configuring static DNS entries, do I have to enable dynamic DNS resolution
No, you do not need to enable dynamic domain name service (DNS) resolution when configuring static domain name service (DNS) entries. You must enable dynamic DNS resolution when configuring dynamic DNS entries.

How to perform DNS resolution for L2TP users on the AR
Host resolution is implemented through DNS. You can run the ip host command on the device to configure static DNS entries.

Problem and solution when a firewall cannot be added to the NMS
To solve the problem that a firewall cannot be added to the NMS (NMS workstation), perform the following steps: 1. Check whether the SNMP settings on the firewall are correct. For example, check whether the SNMP version matches the NMS. 2. Check whether the NMS is reachable to the firewall. 3. Check whether access management in SNMP mode is enabled on the interface connecting the firewall to the NMS. That is, you need to run the service-manage snmp enable command on the interface to allow the peer device to access the firewall in SNMP mode. By default, the SNMP permission of the interface is disabled. In this case, even if the security policy for the interzone between the zone where the interface resides and the Local zone is enabled, you cannot access the device through the interface. This is because that the service-manage function has a higher priority than the security policy. For details, see USG6350 can't add to the NMS server.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top