Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

For example, suppose you configure four DNS servers, with two of them at 
priority 0, one at priority 1, and one at priority 2:

AsyncOS will randomly choose between the two servers at priority 0. If one of the 
priority 0 servers is down, the other will be used. If both of the priority 0 servers 
are down, the priority 1 server (1.2.3.6) is used, and then, finally, the priority 2 
(1.2.3.7) server.

The timeout period is the same for both priority 0 servers, longer for the priority 
1 server, and longer still for the priority 2 server.

The Cisco IronPort AsyncOS DNS resolver is designed to accommodate the large 
number of simultaneous DNS connections required for high-performance email 
delivery.

If you choose to set the default DNS server to something other than the Internet 
root servers, that server must be able to recursively resolve queries for domains 
for which it is not an authoritative server.

The Cisco IronPort appliance attempts to perform a “double DNS lookup” on all 
remote hosts connecting to a listener for the purposes of sending or receiving 
email. [That is: the system acquires and verifies the validity of the remote host's 
IP address by performing a double DNS lookup. This consists of a reverse DNS 
(PTR) lookup on the IP address of the connecting host, followed by a forward 
DNS (A) lookup on the results of the PTR lookup. The system then checks that 
the results of the A lookup match the results of the PTR lookup. If the results do 

0

1.2.3.4, 1.2.3.5

5, 5

1

1.2.3.6

10

2

1.2.3.7

45