search cancel

Does the Web security Service accepts DNS queries

book

Article ID: 175092

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

As an administrator, I would like to understand if the Web security Service accepts DNS queries via its different access methods.

Environment

Web Security Service

Resolution

For most environments, only ports 80, 443, and 8080 are routed to WSS. All other traffic is left at their respective ports and goes through the normal gateway.

Traffic that comes from other ports, such as DNS requests on port 53, will not receive responses and will be dropped by WSS.

Additional Information

Interesting note: for explicit proxy configuration (and explicit-derived pac file configuration) DNS resolution is not needed on the client because the browser sends the http request directly to the proxy using the connect method. This removes the need for DNS resolution which is useful in "closed" network.

The WSS Agent also has features to allow computers to operate from closed network since the WSS Agent 8.1 release (Closed Network documentation link).