Following the upgrade to Messaging Gateway (SMG) 10.9.2 you begin to see an increase in domain name resolution failures in SMG. These failures may include failures to resolve the hostname of inbound connections to the Messaging Gateway as well as failures in resolving MX records and hostnames for email delivery. Often these failures will occur more frequently with some email domains than others.

malilog
hard DNS error 'Timeout while contacting DNS servers' during MX lookup of '[domain]'

Version: 10.9.2

Changes to the DNS resolution timeouts and retry schedule in both the default system resolver and the resolver used by the SMG MTA are making Messaging Gateway more sensitive to slow DNS resolution in some environments.

This issue is under investigation by Broadcom product engineering and will be addressed in an upcoming patch to version 10.9.2.

This KB will be updated when the patch is available. Please subscribe to be automatically notified of any updates.

Short term mitigation

Where possible, disable extraneous DNS resolution such as:

• MTA DNS checks in Protocols > Settings > DNS Validation
• Legacy URL Reputation in Spam > Scan Settings > Enable URL Reputation

• Subscribe to a Broadcom knowledge article by article or product