"dns_server_failure" error occurs when attempting to access a site

Article Id: 169062

Status: Published

Updated On: 23-05-2019 13:28

Legacy Id: TECH245865

Products:

Web Security Service - WSS

Issue/Introduction:

When accessing a site (example: https://www.moea.gov.tw/) through the Web Security Service, the exception page returns a "dns_server_failure" error.

dns_server_failure

Cause:

The Web Security Service DNS servers are configured to use DNSSEC. If the domain (in our example: www.moea.gov.tw) fails when using DNSSEC or the service is misconfigured then the Web Security Service will process the event as a failure returning an error.

Resolution:

For Unified Agent clients and Explicit Proxy:

Within the ThreatPulse portal, access Services > Network > Bypassed Site > Bypassed Domains and add the affected domain (in our example: gov.tw) as a bypassed domain.

The workaround for the rest of the access methods is to talk to the person responsible for the DNS setup for the affected site so they can configure the service properly.