Cisco Cisco Web Security Appliance S690 User Guide
25-29
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 25 Configuring Network Settings
Configuring DNS Server(s)
Using the Internet Root Servers
The IronPort AsyncOS DNS resolver is designed to accommodate the large
number of simultaneous DNS connections.
number of simultaneous DNS connections.
Multiple Entries and Priority
For each DNS server you enter, you can specify a numeric priority. AsyncOS will
attempt to use the DNS server with the priority closest to 0. If that DNS server is
not responding AsyncOS will attempt to use the server at the next priority. If you
specify multiple entries for DNS servers with the same priority, the system
randomizes the list of DNS servers at that priority every time it performs a query.
The system then waits a short amount of time for the first query to expire or “time
out” and then increments with a slightly longer amount of time for subsequent
servers. The amount of time depends on the exact number of DNS servers and
priorities that have been configured. The timeout length is the same for all IP
addresses at any particular priority. The first priority gets the shortest timeout,
each subsequent priority gets a longer timeout. Further, the timeout period is
roughly 60 seconds. If you have one priority, the timeout for each server at that
priority is 60 seconds. If you have two priorities, the timeout for each server at the
first priority is 15 seconds, and each server at the second priority is 45 seconds.
For three priorities, the timeout increments are 5, 10, 45.
attempt to use the DNS server with the priority closest to 0. If that DNS server is
not responding AsyncOS will attempt to use the server at the next priority. If you
specify multiple entries for DNS servers with the same priority, the system
randomizes the list of DNS servers at that priority every time it performs a query.
The system then waits a short amount of time for the first query to expire or “time
out” and then increments with a slightly longer amount of time for subsequent
servers. The amount of time depends on the exact number of DNS servers and
priorities that have been configured. The timeout length is the same for all IP
addresses at any particular priority. The first priority gets the shortest timeout,
each subsequent priority gets a longer timeout. Further, the timeout period is
roughly 60 seconds. If you have one priority, the timeout for each server at that
priority is 60 seconds. If you have two priorities, the timeout for each server at the
first priority is 15 seconds, and each server at the second priority is 45 seconds.
For three priorities, the timeout increments are 5, 10, 45.
For example, four DNS servers with two configured at priority 0, one at priority
1, and one at priority 2:
1, and one at priority 2:
AsyncOS randomly chooses between the two servers at priority 0. If one of the
priority 0 servers is down, the other is used. If both priority 0 servers are down,
the priority 1 server (1.2.3.6) is used, and finally, the priority 2 (1.2.3.7) server.
priority 0 servers is down, the other is used. If both priority 0 servers are down,
the priority 1 server (1.2.3.6) is used, and finally, the priority 2 (1.2.3.7) server.
The timeout period is the same for both priority 0 servers, longer for the priority
1 server, and longer still for the priority 2 server.
1 server, and longer still for the priority 2 server.
Table 25-5
Example of DNS Servers, Priorities, and Timeout Intervals
Priority
Server(s)
Timeout (seconds)
0
1.2.3.4, 1.2.3.5
5, 5
1
1.2.3.6
10
2
1.2.3.7
45