Netscreen 25 Search Domain Configuration

We set up an old Juniper Netscreen 25 firewall/router to partition off a part of the local LAN and free up some IPs. We put about 30-40 client devices on it, and the router worked fine other than being limited to 100BaseT.

The problem was, DHCP clients were getting “netscreen-25” as the search domain. The PCs were only slowed down a tad, but some CentOS machines got severe indigestion, name resolution-wise. Manually removing the “netscreen-25” SPAM from /etc/resolv.conf solved that problem. The web interface had no knobs or switches to control this behavior.

The solution was to issue the following command for each interface on which DHCP info was being handed out:

set interface ethernet2 dhcp server option domainname ourthing.local

Obviously, above you’ll replace “ourthing.local” with the domain you want searched first (for unqualified names). Replace the ethernet interface number as appropriate. I didn’t get a chance to figure out how to have nothing handed out there; if you have, please let us know in a comment!
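For clients that already picked up the stray search domain, the manual /etc/resolv.conf cleanup described above can be scripted. This is an added example, not part of the original post; the function names and the sample resolv.conf content are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect and strip an unwanted DHCP-supplied search domain.
# Both functions read resolv.conf text on stdin; names are hypothetical.

# Exit status 0 if the domain appears on a "search" or "domain" line.
has_search_domain() {
    awk -v bad="$1" '
        BEGIN { bad = tolower(bad) }
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == bad) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Write the cleaned text to stdout. A "search" line left with no
# domains, or a "domain" line naming the bad domain, is dropped.
strip_search_domain() {
    awk -v bad="$1" '
        BEGIN { bad = tolower(bad) }
        $1 == "search" {
            out = "search"; kept = 0
            for (i = 2; i <= NF; i++)
                if (tolower($i) != bad) { out = out " " $i; kept++ }
            if (kept) print out
            next
        }
        $1 == "domain" && tolower($2) == bad { next }
        { print }
    '
}

# Constructed sample of what an affected client might hold.
SAMPLE='; constructed sample resolv.conf
search netscreen-25 ourthing.local
nameserver 192.0.2.1'

if printf '%s\n' "$SAMPLE" | has_search_domain netscreen-25; then
    printf '%s\n' "$SAMPLE" | strip_search_domain netscreen-25
fi
```

On a real client, feed it /etc/resolv.conf and review the output before replacing the file. The DHCP client may rewrite the file at the next lease renewal, so the server-side option above remains the actual fix.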

The hurt about using this rig is that it doesn’t support IGRP (although it supports BGP and OSPF!) and it doesn’t provide much in the way of reporting. In our case, it didn’t cost anything and helped make more room in the discard pile. The Netscreen 25 has an MTBF of 8.1 years, according to Juniper. Older models may not have the Juniper name on the face.

For the best synopsis of this old rig I could find as of this writing, look here.