DNS Health Check failing for internal/local DNS server

Article ID: 193870

Products

ProxyAV Software - AVOS, ProxySG Software - SGOS, Reverse Proxy

Issue/Introduction

When the proxy is configured to use an internal/local DNS server that does not have forwarding enabled, the DNS Health Check will fail.

Cause

The ProxySG DNS Health check sends a DNS query to the configured DNS server for symantec.com or bluecoat.com, depending on the SGOS version.
If the configured DNS server is an internal DNS server with neither forwarding configured nor public records, it responds with "Host not found" for symantec.com or bluecoat.com. The Health Check on the Proxy then fails, which makes this DNS server unusable.

Environment

The ProxySG is configured to use an internal/local DNS server that has neither forwarding enabled nor any DNS records for the public domains.

Resolution

To address this issue, configure the DNS server's Health Check on the Proxy to send its DNS query for a known Fully Qualified Domain Name (FQDN).

To configure the health check through the Management Console GUI:

  1. Log in to the Proxy GUI (launcher).
  2. Go to the Configuration tab -> Health Checks -> General.
  3. Select an internal DNS server from the list and click "Edit". This brings up the Configuration window:
     - In the Host section, select "Use defined Host".
     - Enter a known FQDN (e.g. Domain.local, company.com) that matches your Active Directory DNS domain name, a specific host (server1.company.com), or any FQDN for which the DNS server has a DNS record.
  4. Click OK and Apply the changes.

This allows the Proxy to query a domain or host that the internal DNS server can resolve, which prevents the service from changing to a failed state.
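A pre-check for the FQDN entered in step 3, as an added example that is not part of the original article or the vendor's code: it sends an A query directly to one DNS server and reports whether that server resolves the name. The function names and the pass criterion (NOERROR with at least one answer) are assumptions, and the sample replies are constructed.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
# Constructed sample reply headers (transaction ID 0x1234), not captured traffic.
SAMPLE_NXDOMAIN = bytes.fromhex("123481830001000000010000")  # "Host not found"
SAMPLE_NOERROR = bytes.fromhex("123481800001000100000000")   # one answer record

def build_query(fqdn, txid=None):
    """Encode a recursive A/IN query for fqdn (RFC 1035 wire format)."""
    if txid is None:
        txid = secrets.randbelow(0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in fqdn.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(reply, txid):
    """Return (rcode_name, answer_count); reject short or mismatched replies."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

def usable_for_health_check(rcode, ancount):
    """Assumed criterion: the name resolves (NOERROR with at least one answer)."""
    return rcode == "NOERROR" and ancount > 0

def probe(server, fqdn, timeout=3.0):
    """Ask one specific DNS server about fqdn over UDP port 53."""
    query = build_query(fqdn)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(4096)
    return parse_reply(reply, txid)

if __name__ == "__main__":
    import sys
    rcode, ancount = probe(sys.argv[1], sys.argv[2])
    verdict = "OK" if usable_for_health_check(rcode, ancount) else "would fail"
    print(f"{sys.argv[2]} via {sys.argv[1]}: {rcode}, answers={ancount} -> {verdict}")
```

Run it with the internal DNS server's IP address and the candidate FQDN as arguments; a name that returns NXDOMAIN here is one the server cannot resolve.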