Cisco Email Security Appliance X1070 User Guide
Chapter 15 System Administration
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
• clear DNS cache
Specifying DNS Servers
Cisco IronPort AsyncOS can use the Internet root DNS servers, your own DNS
servers, or the Internet root DNS servers and authoritative DNS servers you
specify. When using the Internet root servers, you may specify alternate servers
to use for specific domains. Since an alternate DNS server applies to a single
domain, it must be authoritative (provide definitive DNS records) for that domain.
AsyncOS supports “splitting” DNS servers when not using the Internet’s DNS
servers. If you are using your own internal server, you can also specify exception
domains and associated DNS servers.
When setting up “split DNS,” you should set up the in-addr.arpa (PTR) entries as
well. So, for example, if you want to redirect “.eng” queries to the nameserver
1.2.3.4 and all the .eng entries are in the 172.16 network, then you should specify
“eng,16.172.in-addr.arpa” as the domains in the split DNS configuration.
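The following added example (not from the Cisco guide) derives the domain list for the split DNS entry above and shows where a PTR lookup for an internal host is sent with and without the in-addr.arpa entry. The longest-suffix matching in `pick_server`, the host address 172.16.5.9, and the `internet-root` label are assumptions made for illustration, not AsyncOS internals.

```python
import ipaddress

def reverse_zone(network):
    """Return the in-addr.arpa zone for an IPv4 network on a whole-octet prefix."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8:
        raise ValueError("expected an IPv4 /8, /16, /24 or /32 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def split_dns_domains(forward_domain, networks):
    """Build the comma-separated domain list for one split DNS entry."""
    zones = [reverse_zone(n) for n in networks]
    return ",".join([forward_domain.strip(".")] + zones)

def pick_server(qname, split, default):
    """Assumed model: longest-suffix match of the query name wins."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in split:
            return split[suffix]
    return default

def ptr_name(ip):
    """Query name used for a reverse (PTR) lookup of an address."""
    return ipaddress.ip_address(ip).reverse_pointer

DEFAULT = "internet-root"  # constructed label for the default resolution path
ENG_NS = "1.2.3.4"         # nameserver from the guide's example

def route(config, host_ip="172.16.5.9"):  # constructed internal host address
    """Return (server for forward lookup, server for PTR lookup)."""
    forward = pick_server("mail.eng", config, DEFAULT)
    reverse = pick_server(ptr_name(host_ip), config, DEFAULT)
    return forward, reverse

# Split DNS configured with the forward domain only
forward_only = {"eng": ENG_NS}
# Split DNS configured as the guide recommends: eng,16.172.in-addr.arpa
domains = split_dns_domains("eng", ["172.16.0.0/16"])
with_ptr = {d: ENG_NS for d in domains.split(",")}

if __name__ == "__main__":
    print("domains:     ", domains)
    print("forward only:", route(forward_only))  # PTR leaves via the default path
    print("with PTR:    ", route(with_ptr))      # PTR stays on 1.2.3.4
```

With the forward domain alone, the reverse lookup for an internal address goes to the default servers, which cannot answer for private address space and also see the internal address being queried.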
Multiple Entries and Priority
For each DNS server you enter, you can specify a numeric priority. AsyncOS will
attempt to use the DNS server with the priority closest to 0. If that DNS server is
not responding, AsyncOS will attempt to use the server at the next priority. If you
specify multiple entries for DNS servers with the same priority, the system
randomizes the list of DNS servers at that priority every time it performs a query.
The system then waits a short amount of time for the first query to expire or “time
out” and then a slightly longer amount of time for the second, etc. The amount of
time depends on the exact total number of DNS servers and priorities that have
been configured. The timeout length is the same for all IP addresses at any
particular priority. The first priority gets the shortest timeout; each subsequent
priority gets a longer timeout. Further, the timeout period is roughly 60 seconds.
If you have one priority, the timeout for each server at that priority will be 60
seconds. If you have two priorities, the timeout for each server at the first priority
will be 15 seconds, and each server at the second priority will be 45 seconds. For
three priorities, the timeouts are 5, 10, and 45 seconds.