DNS failover on ProxySG or Advanced Secure Gateway

Article ID: 170678

Products

Advanced Secure Gateway Software - ASG, ProxySG Software - SGOS

Issue/Introduction

Is DNS failover supported by the ProxySG or Advanced Secure Gateway (ASG)?

Resolution

  • Yes. The reason the ProxySG or ASG allows multiple DNS servers to be configured in each DNS forwarding group is to support failover. In all DNS forwarding groups (including primary and alternate), the ProxySG or ASG will fail over between the configured DNS servers when it doesn’t get a response. It does not fail over between DNS forwarding groups on timeouts.
  • The ProxySG or ASG sends requests to DNS servers in the Primary DNS server group in the order in which they appear in the list. If a response is received from one of the servers in the Primary group, no attempts are made to contact any other Primary DNS servers.
  • If none of the servers in the Primary group resolve the hostname, the ProxySG or ASG sends requests to the servers in the Alternate DNS server group. (If no Alternate servers have been defined, an error is returned to the client.)


Note: The Alternate DNS server is not used as a failover DNS server. The intent of configuring servers in the “alternate” DNS forwarding group is to support split DNS, where there are internal and external DNS zones and the second set of DNS servers is used only if the first set reports that a name is unrecognized. If the query to each server in the Primary list times out, no alternate DNS server is contacted.
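
The lookup order described above can be modeled as follows. This is an added example, not ProxySG or ASG code; the server names, the reply table, and the function names are hypothetical, and treating a "name unrecognized" reply from the Alternate group as an error is an assumption.

```python
# Model of the lookup order described in this article (illustrative only).
TIMEOUT = "timeout"
NAME_UNRECOGNIZED = "name-unrecognized"   # any other reply is an answer


def query_group(servers, replies, name, trace):
    """Try servers in list order; fail over to the next only on a timeout.

    Returns the first reply received, or TIMEOUT if every server timed out.
    """
    for server in servers:
        trace.append(server)
        reply = replies.get((server, name), TIMEOUT)
        if reply != TIMEOUT:
            return reply          # a response ends the walk through this group
    return TIMEOUT


def resolve(name, primary, alternate, replies):
    """Return (result, servers_contacted) for one client lookup."""
    trace = []
    reply = query_group(primary, replies, name, trace)
    if reply == TIMEOUT:
        # Every Primary server timed out: the Alternate group is NOT consulted.
        return "error", trace
    if reply != NAME_UNRECOGNIZED:
        return reply, trace
    # Primary group reported the name as unrecognized: the split-DNS case.
    if not alternate:
        return "error", trace
    reply = query_group(alternate, replies, name, trace)
    if reply in (TIMEOUT, NAME_UNRECOGNIZED):
        return "error", trace
    return reply, trace


# Constructed sample data: hypothetical servers and replies.
PRIMARY = ["int-dns-1", "int-dns-2"]
ALTERNATE = ["ext-dns-1", "ext-dns-2"]
REPLIES = {
    ("int-dns-2", "intranet.example"): "10.0.0.5",      # int-dns-1 times out
    ("int-dns-1", "www.example.org"): NAME_UNRECOGNIZED,
    ("ext-dns-2", "www.example.org"): "203.0.113.10",   # ext-dns-1 times out
}

if __name__ == "__main__":
    for host in ("intranet.example", "www.example.org", "down.example"):
        print(host, resolve(host, PRIMARY, ALTERNATE, REPLIES))
```

The third lookup shows the operational consequence: if every Primary server is unreachable, clients get an error even though the Alternate servers are healthy, so redundancy has to be built inside the Primary group itself.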