You are a network administrator for a large enterprise. You have a Juniper SRX firewall that is used as the primary internet gateway. Users are reporting that they are unable to access certain external websites. You check the device and find that the security policies appear correct, and the routing is in place. You suspect that the issue might be related to the DNS resolution. You want to verify that the device can resolve DNS names and that the DNS server configuration is correct. Which command should you use to test DNS resolution from the Juniper device?
Pinging a hostname will trigger DNS resolution; if it fails, DNS may be misconfigured.
Why this answer
Option B is correct because the `ping` command with a fully qualified domain name (FQDN) forces the Juniper device to perform a DNS resolution before sending ICMP echo requests. If the device cannot resolve the FQDN, the ping will fail with a 'hostname not found' error, directly indicating a DNS configuration or reachability issue. This tests both the DNS server configuration and the device's ability to resolve names, which is essential for verifying DNS functionality.
Exam trap
The trap here is that candidates often confuse `show dns name-server` with a valid operational command, but Junos uses `show configuration system name-server` to view DNS server settings, and the `ping` command with an FQDN is the standard method to test live DNS resolution from the device.
How to eliminate wrong answers
Option A is wrong because `show system connections` displays active TCP/UDP connections and their states, not DNS resolution capabilities or configuration. Option C is wrong because `traceroute` with an FQDN also triggers DNS resolution, but it is designed to trace the path to the destination and is less direct for simply testing DNS resolution; a failed traceroute could be due to routing or firewall issues rather than DNS. Option D is wrong because `show dns name-server` is not a valid Junos command; the correct command to view DNS server configuration is `show configuration system name-server`.