Cisco Email Security Appliance C160 User Guide

Cisco AsyncOS 9.1 for Email User Guide
 
Chapter 33      System Administration
  Changing Network Settings
Reverse DNS Lookup Timeout
The appliance attempts to perform a “double DNS lookup” on all remote hosts connecting to a listener 
for the purposes of sending or receiving email. [That is: the system acquires and verifies the validity of 
the remote host's IP address by performing a double DNS lookup. This consists of a reverse DNS (PTR) 
lookup on the IP address of the connecting host, followed by a forward DNS (A) lookup on the results 
of the PTR lookup. The system then checks that the results of the A lookup match the results of the PTR 
lookup. If the results do not match, or if an A record does not exist, the system only uses the IP address 
to match entries in the Host Access Table (HAT).] This particular timeout period applies only to this 
lookup and is not related to the general DNS timeout discussed in 
The default value is 20 seconds. You can disable the reverse DNS lookup timeout globally across all 
listeners by entering ‘0’ as the number of seconds. 
If the value is set to 0 seconds, the reverse DNS lookup is not attempted, and instead the standard timeout 
response is returned immediately. This also prevents the appliance from delivering mail to domains that 
require TLS-verified connections if the receiving host’s certificate has a common name (CN) that maps 
to the host’s IP lookup.
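The double DNS lookup and the HAT fallback described above, as an added example that is not Cisco code. The DNS records, HAT entries, group names and function names are constructed for illustration, and "match" is assumed to mean that the forward (A) lookup on the PTR name returns the connecting IP address.

```python
# Constructed sample DNS data (documentation address ranges), not real records.
PTR = {
    "192.0.2.10": ["mail.example.com"],    # reverse and forward records agree
    "198.51.100.7": ["mail.example.com"],  # PTR claims a name that resolves elsewhere
    "203.0.113.5": ["gone.example.net"],   # PTR target has no A record
}
A = {"mail.example.com": ["192.0.2.10"]}

def double_dns_lookup(ip, timeout_seconds=20, ptr=PTR, a=A):
    """Return the verified hostname for ip, or None if verification fails.

    timeout_seconds == 0 models the disabled setting: no lookup is attempted.
    Real network timing is not modelled; the lookups read the dicts above.
    """
    if timeout_seconds == 0:
        return None
    for name in ptr.get(ip, []):            # reverse (PTR) lookup
        name = name.rstrip(".").lower()
        if ip in a.get(name, []):           # forward (A) lookup must return ip
            return name
    return None

def hat_match(ip, hat, timeout_seconds=20):
    """Return the group of the first HAT entry that matches the connection.

    Hostname entries are considered only when the double lookup verified a
    name; otherwise only IP address entries can match.
    """
    host = double_dns_lookup(ip, timeout_seconds)
    for pattern, group in hat:
        if pattern == ip:
            return group
        if host and (pattern == host or
                     (pattern.startswith(".") and host.endswith(pattern))):
            return group
    return "DEFAULT"                        # hypothetical catch-all group

# Hypothetical HAT: entries and group names are illustrative only.
HAT = [(".example.com", "TRUSTED"), ("203.0.113.5", "BLOCKED")]

if __name__ == "__main__":
    for addr in PTR:
        print(addr, double_dns_lookup(addr), hat_match(addr, HAT))
```

A host whose PTR record names a domain that does not resolve back to it never reaches the hostname-based entry, and with the timeout set to 0 no connection does.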
DNS Alert
Occasionally, an alert may be generated with the message “Failed to bootstrap the DNS cache” when an 
appliance is rebooted. The message means that the system was unable to contact its primary DNS 
servers, which can happen at boot time if the DNS subsystem comes online before network connectivity 
is established. If this message appears at other times, it could indicate network issues or that the DNS 
configuration is not pointing to a valid server.
Clearing the DNS Cache
The Clear Cache button from the GUI, or the dnsflush command (for more information about the 
dnsflush command, see the Cisco AsyncOS CLI Reference Guide), clears all information in the DNS 
cache. You may choose to use this feature when changes have been made to your local DNS system. The 
command takes effect immediately and may cause a temporary performance degradation while the cache 
is repopulated.
Configuring DNS Settings via the Graphical User Interface
Procedure
Step 1  Select Network > DNS.
Step 2  Click Edit Settings.
Step 3  Select whether to use the Internet’s root DNS servers, your own internal DNS servers, or the 
        Internet’s root DNS servers together with alternate DNS servers that you specify.
Step 4  If you want to use your own DNS server(s), enter the server ID and click Add Row. Repeat this 
        for each server. When entering your own DNS servers, specify a priority as well. For more 
        information, see .
Step 5  If you want to specify alternate DNS servers for certain domains, enter the domain and the 
        alternate DNS server IP address. Click Add Row to add additional domains.