How to resolve issues where users receive an exception from the proxy that reads, "Network Error (dns_server_failure)"?
While browsing, users occasionally receive an exception page with the following text:
Troubleshooting further, you see the following on the policy trace.
EXCEPTION(dns_server_failure): Request could not be handled
If a DNS server exists that cannot resolve all host names, it might return a list of authoritative DNS servers instead of a DNS A record that contains an IP address. To avoid problems with this type of DNS server configuration, configure the ProxySG Appliance to recursively query authoritative DNS servers.
To enable DNS recursion:
Now, when this type of response is sent from a DNS server, the appliance will follow the recursive DNS string to resolve the address. User requests will then flow as expected. If this resolves the issue but ends up causing minor browsing delays, consider configuring a public DNS server as the primary resolver and set internal DNS server to be authoritative for internal domains.
Steps to do this are as follows:
This will ensure that the organization's DNS server is only queried for requests that incorporate the internal domain names. All other queries will be sent to the public DNS server for name resolution.