siehe auch http://www.krakovic.de/juniper-proxy-dns/
On what Interface should Proxy DNS be set?
Problem or Goal:
Juniper firewall is not using DNS servers configured on Proxy DNS configuration.
Ensure the Proxy DNS option is selected on the ScreenOS Interface configuration web page (Network > Interfaces) for all interfaces that are receiving DNS queries and need to be forwarded to the appropriate DNS servers as configured on the DNS Proxy Configuration web page (Network > DNS > Proxy )
Client (192.168.1.5)——-192.168.1.1 (Trust) Netscreen (Untrust) 220.127.116.11 ———–Internet
In the sample network, the Firewall should have following command:
set interface trust proxy dns