Cisco Email Security Appliance C160 User Guide
15-61
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Chapter 15 System Administration
For example, suppose you configure four DNS servers, with two of them at
priority 0, one at priority 1, and one at priority 2:
AsyncOS will randomly choose between the two servers at priority 0. If one of the
priority 0 servers is down, the other will be used. If both of the priority 0 servers
are down, the priority 1 server (1.2.3.6) is used, and then, finally, the priority 2
(1.2.3.7) server.
The timeout period is the same for both priority 0 servers, longer for the priority
1 server, and longer still for the priority 2 server.
Using the Internet Root Servers
The Cisco IronPort AsyncOS DNS resolver is designed to accommodate the large
number of simultaneous DNS connections required for high-performance email
delivery.
Note
If you choose to set the default DNS server to something other than the Internet
root servers, that server must be able to recursively resolve queries for domains
for which it is not an authoritative server.
Reverse DNS Lookup Timeout
The Cisco IronPort appliance attempts to perform a “double DNS lookup” on all
remote hosts connecting to a listener for the purposes of sending or receiving
email. [That is: the system acquires and verifies the validity of the remote host's
IP address by performing a double DNS lookup. This consists of a reverse DNS
(PTR) lookup on the IP address of the connecting host, followed by a forward
DNS (A) lookup on the results of the PTR lookup. The system then checks that
the results of the A lookup match the results of the PTR lookup. If the results do
Table 15-12 Example of DNS Servers, Priorities, and Timeout Intervals

Priority   Server(s)          Timeout (seconds)
0          1.2.3.4, 1.2.3.5   5, 5
1          1.2.3.6            10
2          1.2.3.7            45
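The double DNS lookup described under Reverse DNS Lookup Timeout can be sketched as follows. This is an added example, not code from the Cisco guide or from AsyncOS: the function names, verdict labels, and DNS records are constructed for illustration, and the forward results are compared against the connecting IP address, which is how this kind of check is commonly implemented.

```python
import ipaddress

# Constructed sample records standing in for live DNS (documentation ranges).
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.20": ["spoofed.example.net."],  # PTR exists, A points elsewhere
    "192.0.2.30": ["MX1.Example.org.", "alias.example.org."],
    # 192.0.2.40 deliberately has no PTR record
}
A_RECORDS = {
    "mail.example.com": ["192.0.2.10"],
    "spoofed.example.net": ["198.51.100.7"],
    "mx1.example.org": ["192.0.2.30", "192.0.2.31"],
}
TIMED_OUT = {"192.0.2.50"}  # reverse lookups for these never answer

class LookupTimeout(Exception):
    """Raised by the stub resolver when a query gets no answer in time."""

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def lookup_ptr(ip):
    if ip in TIMED_OUT:
        raise LookupTimeout(ip)
    return PTR_RECORDS.get(ip, [])

def lookup_a(name):
    return A_RECORDS.get(_norm(name), [])

def double_dns_lookup(ip, ptr=lookup_ptr, a=lookup_a):
    """Return (verdict, hostname); verdict labels are hypothetical."""
    client = ipaddress.ip_address(ip)
    try:
        names = ptr(ip)                      # step 1: reverse (PTR) lookup
    except LookupTimeout:
        return ("timeout", None)
    if not names:
        return ("no_ptr", None)
    for name in names:                       # step 2: forward (A) lookup
        # Compare parsed addresses so formatting differences cannot matter.
        if any(ipaddress.ip_address(x) == client for x in a(name)):
            return ("verified", _norm(name))
    return ("mismatch", None)                # PTR names do not map back

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.40", "192.0.2.50"):
        print(ip, double_dns_lookup(ip))
```

The `ptr` and `a` parameters let a real resolver be substituted for the constructed records.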