"dns_server_failure" error occurs when attempting to access a site

book

Article ID: 169062

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

When accessing a site (example: https://www.moea.gov.tw/) through the Web Security Service,  the exception page returns a "dns_server_failure" error.

 

dns_server_failure

Cause

The Web Security Service DNS servers are configured to use DNSSEC. If the domain (in our example: www.moea.gov.tw) fails when using DNSSEC or the service is misconfigured then the Web Security Service will process the event as a failure returning an error.

Resolution

For Unified Agent clients and Explicit Proxy:

Within the ThreatPulse portal, access Services > Network > Bypassed Site > Bypassed Domains and add the affected domain (in our example: gov.tw) as a bypassed domain. 

The workaround for the rest of the access methods is to talk to the person responsible for the DNS setup for the affected site so they can configure the service properly.