Cisco Cisco Web Security Appliance S390 Guida Utente
25-29
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 25 Configuring Network Settings
Configuring DNS Server(s)
Split DNS
AsyncOS supports split DNS where internal servers are configured for specific
domains and external or root DNS servers are configured for other domains. If you
are using your own internal server, you can also specify exception domains and
associated DNS servers.
domains and external or root DNS servers are configured for other domains. If you
are using your own internal server, you can also specify exception domains and
associated DNS servers.
Using the Internet Root Servers
The IronPort AsyncOS DNS resolver is designed to accommodate the large
number of simultaneous DNS connections.
number of simultaneous DNS connections.
Multiple Entries and Priority
For each DNS server you enter, you can specify a numeric priority. AsyncOS will
attempt to use the DNS server with the priority closest to 0. If that DNS server is
not responding AsyncOS will attempt to use the server at the next priority. If you
specify multiple entries for DNS servers with the same priority, the system
randomizes the list of DNS servers at that priority every time it performs a query.
The system then waits a short amount of time for the first query to expire or “time
out” and then increments with a slightly longer amount of time for subsequent
servers. The amount of time depends on the exact number of DNS servers and
priorities that have been configured. The timeout length is the same for all IP
addresses at any particular priority. The first priority gets the shortest timeout,
each subsequent priority gets a longer timeout. Further, the timeout period is
roughly 60 seconds. If you have one priority, the timeout for each server at that
priority is 60 seconds. If you have two priorities, the timeout for each server at the
first priority is 15 seconds, and each server at the second priority is 45 seconds.
For three priorities, the timeout increments are 5, 10, 45.
attempt to use the DNS server with the priority closest to 0. If that DNS server is
not responding AsyncOS will attempt to use the server at the next priority. If you
specify multiple entries for DNS servers with the same priority, the system
randomizes the list of DNS servers at that priority every time it performs a query.
The system then waits a short amount of time for the first query to expire or “time
out” and then increments with a slightly longer amount of time for subsequent
servers. The amount of time depends on the exact number of DNS servers and
priorities that have been configured. The timeout length is the same for all IP
addresses at any particular priority. The first priority gets the shortest timeout,
each subsequent priority gets a longer timeout. Further, the timeout period is
roughly 60 seconds. If you have one priority, the timeout for each server at that
priority is 60 seconds. If you have two priorities, the timeout for each server at the
first priority is 15 seconds, and each server at the second priority is 45 seconds.
For three priorities, the timeout increments are 5, 10, 45.
For example, four DNS servers with two configured at priority 0, one at priority
1, and one at priority 2:
1, and one at priority 2:
Table 25-5
Example of DNS Servers, Priorities, and Timeout Intervals
Priority
Server(s)
Timeout (seconds)
0
1.2.3.4, 1.2.3.5
5, 5