ProxySG appliance DNS server health checks fail

book

Article ID: 166812

calendar_today

Updated On:

Products

SG-300 SG-600 SG-510 SG-9000

Issue/Introduction

The ProxySG appliance event log reports that the primary DNS server continually fails appliance health checks.  

Resolution

By default, the appliance checks the DNS server every 10 seconds. If your DNS server is unable to resolve www.bluecoat.com (216.52.23.9), that health check fails and reports a health check failure to the appliance. If your DNS server doesn't resolve external DNS but you want to keep the DNS server in your appliance configuration to resolve internal addresses, you can try to disable the DNS health check as follows: 

  1. Select Configuration > Health Checks > General.
  2. Select the health check you want to disable and click Edit.
  3. On Edit dialog, select Disabled - Health and click OK.
  4. Click Apply to save your changes.

 Refer to KB3022 for more information.

Note: Before disabling the health check, it may be prudent to verify if your appliance can in fact reach your internal DNS server.  You can test this via the appliance CLI (telnet, SSH, or serial console) and issue a ping to the server. If the ping fails, check your network's routing configuration to verify the appropriate 'next hop' router that will send the traffic to your DNS server. Then, configure a static route on the appliance as follows:

  1. Select Configuration > Network > Routing.
  2. Click the Routing tab.
  3. Beside Install Static Routing Table from, select Text Editor and click Install
  4. On the Edit and Install the Static Routing Table dialog, specify the the route as follows:
    <DNS Server IP> <subnet mask> <routing gateway>
  5. Click Install to save the routing change.  
  6. Test the connection to the DNS server again.