search cancel

ProxySG does DNS lookups on FQDNs that clients include in HTTP requests

book

Article ID: 175059

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Services such as GeoDNS do not work correctly with ProxySG in transparent mode.

 

Environment

ProxySG using Transparent deployment. 

Cause

By default, ProxySG has the trust-destination-ip configuration option disabled and will therefore do DNS lookups on FQDNs that clients include in HTTP requests.

By default, a MACH5 Edition proxy has the trust-destination-ip configuration option enabled will therefore not do DNS lookups.

Resolution

Use the trust-destination-ip configuration option to prevent the ProxySG looking up the IP of the Fully Qualified Domain Name (FQDN) using DNS. 

In the command line interface, enable trust-destination-ip as follows:

SGOS#(config general) trust-destination-ip {enable | disable}

To use the graphical user interface, navigate to Configuration tab -> Proxy Settings -> General and enable the option "Trust client-provided destination IP when connecting to servers".