Network Error (dns_server_failure)

Article ID: 167702


Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

How do you resolve issues where users receive an exception from the proxy that reads "Network Error (dns_server_failure)"?

While browsing, users occasionally receive an exception page with the following text:

Network Error(dns_server_failure)

Troubleshooting further, you see the following in the policy trace:

 EXCEPTION(dns_server_failure): Request could not be handled

Resolution

If a DNS server exists that cannot resolve all host names, it might return a list of authoritative DNS servers instead of a DNS A record that contains an IP address. To avoid problems with this type of DNS server configuration, configure the ProxySG Appliance to recursively query authoritative DNS servers.
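
To confirm that a DNS server is returning this kind of referral rather than an A record, a raw DNS response can be classified by its sections. The following Python is an added example, not Broadcom's or the appliance's code; the function names and the sample packets (built inline for www.example.com) are assumptions made for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:                    # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            if (hops := hops + 1) > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels), (off + 1 if end is None else end)

def classify(msg):
    """Return ('answer', ips), ('referral', ns_names) or ('other', rcode)."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                         # skip the question section
        off = read_name(msg, off)[1] + 4
    ips, servers = [], []
    for i in range(an + ns):                    # answer RRs, then authority RRs
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if i < an and rtype == 1 and rdlen == 4:    # A record in the answer section
            ips.append(".".join(map(str, msg[off:off + 4])))
        elif i >= an and rtype == 2:            # NS record in the authority section
            servers.append(read_name(msg, off)[0])
        off += rdlen
    if ips:
        return "answer", ips
    if servers and (flags & 0xF) == 0:
        return "referral", servers              # only NS names: must be followed
    return "other", flags & 0xF

# Constructed sample responses (not captured traffic).
def enc_name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"
def make_rr(owner, rtype, rdata):
    return owner + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
Q = enc_name("www.example.com") + struct.pack("!HH", 1, 1)
REFERRAL = (struct.pack("!6H", 1, 0x8000, 1, 0, 2, 0) + Q
            + make_rr(b"\xc0\x10", 2, enc_name("ns1.example.com"))
            + make_rr(b"\xc0\x10", 2, enc_name("ns2.example.com")))
ANSWER = (struct.pack("!6H", 1, 0x8180, 1, 1, 0, 0) + Q
          + make_rr(b"\xc0\x0c", 1, bytes([192, 0, 2, 10])))
```

A `referral` result from the configured server for a failing host name matches the condition this article describes; an `other` result carries the DNS response code and points to a different cause.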

To enable DNS recursion:

  • Go to Configuration > Network > DNS > Groups.
  • Put a check mark next to Enable DNS Recursion.

Now, when a DNS server sends this type of response, the appliance follows the referral to the authoritative DNS servers to resolve the address, and user requests flow as expected. If this resolves the issue but causes minor browsing delays, consider configuring a public DNS server as the primary resolver and setting the internal DNS server to be authoritative for internal domains.

Steps to do this are as follows:

  • Go to Configuration > Network > DNS > Groups.
  • Select the primary DNS server entry and click Edit.
  • Define the top DNS server listed as a public address (such as Google's 8.8.8.8).
  • On the second line in the Servers field, enter an internal DNS server.
  • In the Domains box on the right, add an asterisk (*) as the domain for the public DNS server.
  • For the internal DNS server, add the internal domains (e.g., my.example.com, example.com).
  • Click OK and Apply.

This will ensure that the organization's DNS server is only queried for requests that incorporate the internal domain names. All other queries will be sent to the public DNS server for name resolution.