Cisco Web Security Appliance S170 User Guide

25-18
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 25      Configuring Network Settings
Configuring DNS Server(s)
Using the Internet Root Servers
The AsyncOS DNS resolver is designed to accommodate a large number of simultaneous DNS connections.
Multiple Entries and Priority
For each DNS server you enter, you can specify a numeric priority. AsyncOS attempts to use the DNS server with the priority closest to 0. If that DNS server does not respond, AsyncOS attempts to use the server at the next priority. If you specify multiple DNS servers at the same priority, the system randomizes the list of servers at that priority every time it performs a query. The system waits a short time for the first query to expire ("time out"), then a slightly longer time for the servers at each subsequent priority. The exact amount depends on how many DNS servers and priorities are configured. The timeout length is the same for all IP addresses at any one priority: the first priority gets the shortest timeout, and each subsequent priority gets a longer one. The timeouts across all priorities add up to roughly 60 seconds. If you have one priority, the timeout for each server at that priority is 60 seconds. If you have two priorities, the timeout for each server at the first priority is 15 seconds and for each server at the second priority 45 seconds. For three priorities, the timeouts are 5, 10, and 45 seconds.
For example, consider four DNS servers, two configured at priority 0, one at priority 1, and one at priority 2 (see Table 25-5). AsyncOS randomly chooses between the two servers at priority 0. If one of the priority 0 servers is down, the other is used. If both priority 0 servers are down, the priority 1 server (1.2.3.6) is used, and finally the priority 2 server (1.2.3.7).
The timeout period is the same for both priority 0 servers (5 seconds each), longer for the priority 1 server (10 seconds), and longer still for the priority 2 server (45 seconds). A server that is down still costs its full timeout before the next server is tried, so a lookup that has to fall past both priority 0 servers waits 10 seconds before 1.2.3.6 is queried.
DNS Alert
If an alert with the message "Failed to bootstrap the DNS cache" is generated when an appliance is rebooted, it means that the system was unable to contact its primary DNS servers. This can happen at boot time if the DNS subsystem comes online before network connectivity is established. If this message appears at other times, it could indicate network issues or that the DNS configuration is not pointing to a valid server.
Clearing the DNS Cache
You can use the Clear DNS Cache button on the Network > DNS page, or the dnsflush CLI command, to clear all information in the DNS cache when changes have been made to your local DNS system. Using this command might cause a temporary performance degradation while the cache is repopulated.
Table 25-5    Example of DNS Servers, Priorities, and Timeout Intervals

Priority    Server(s)            Timeout (seconds)
0           1.2.3.4, 1.2.3.5     5, 5
1           1.2.3.6              10
2           1.2.3.7              45
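The following Python model reproduces the selection and timeout behavior described above and in Table 25-5: servers grouped by priority (closest to 0 first), random order within a priority on every query, one shared timeout per priority level, and failover down the levels when a server does not answer. It is an added example for illustration, not AsyncOS code; the server list is constructed from the table, and the timeout schedule is limited to the one-, two- and three-priority cases the guide documents, because the guide gives no values for more levels. The function names (timeout_schedule, query_plan, resolve) are this example's own.

```python
import random
from collections import defaultdict

# Constructed example configuration, taken from Table 25-5: (server, priority).
# The addresses are illustrative, not real resolvers.
DNS_SERVERS = [
    ("1.2.3.4", 0),
    ("1.2.3.5", 0),
    ("1.2.3.6", 1),
    ("1.2.3.7", 2),
]

# Per-priority timeouts the guide documents; each schedule adds up to
# roughly 60 seconds. Only one, two and three priority levels are documented,
# so anything else is rejected rather than guessed.
DOCUMENTED_TIMEOUTS = {
    1: [60],
    2: [15, 45],
    3: [5, 10, 45],
}


def timeout_schedule(num_priorities):
    """Return the per-priority timeout list for the given number of levels."""
    try:
        return DOCUMENTED_TIMEOUTS[num_priorities]
    except KeyError:
        raise ValueError(
            f"the guide documents timeouts for 1-3 priority levels, not {num_priorities}"
        )


def query_plan(servers, rng=None):
    """Build the ordered list of (server, timeout) pairs one lookup would try.

    Servers are grouped by priority with the value closest to 0 first; within
    a level the order is randomised per query; every server in a level shares
    that level's timeout.
    """
    rng = rng or random.Random()
    by_priority = defaultdict(list)
    for server, prio in servers:
        by_priority[prio].append(server)
    levels = sorted(by_priority)
    timeouts = timeout_schedule(len(levels))
    plan = []
    for level, timeout in zip(levels, timeouts):
        group = list(by_priority[level])
        rng.shuffle(group)  # same priority: random order every query
        plan.extend((server, timeout) for server in group)
    return plan


def resolve(servers, responding, rng=None):
    """Simulate one lookup: walk the plan until a responding server answers.

    `responding` is the set of servers that are up. Returns the answering
    server and the seconds spent waiting on dead servers before it answered.
    Raises LookupError if every configured server is down.
    """
    waited = 0
    for server, timeout in query_plan(servers, rng):
        if server in responding:
            return server, waited
        waited += timeout  # dead server: its full timeout elapses first
    raise LookupError(f"no DNS server answered after {waited}s")


if __name__ == "__main__":
    print(query_plan(DNS_SERVERS, random.Random(1)))
    # Both priority 0 servers down: 1.2.3.6 answers after 5 + 5 seconds.
    print(resolve(DNS_SERVERS, {"1.2.3.6", "1.2.3.7"}, random.Random(1)))
```

Running resolve with both priority 0 servers removed from the responding set shows the cost the text describes: 10 seconds of timeouts before the priority 1 server is reached, and 20 seconds before the priority 2 server is reached if 1.2.3.6 is also down.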