How to Perform Reverse DNS Lookups for Specific Subnets with Custom Group DNS Servers
Last Updated May 13, 2017
This scenario assumes that you want the ProxySG to send reverse DNS lookups to a Custom Group DNS server rather than to your primary DNS server, which is an externally hosted/ISP DNS server.
This can be done by defining the custom group and setting the domain for that group to the arpa reverse lookup domain for the target range: <enter IP or Subnet>.in-addr.arpa. If you configure just in-addr.arpa, all reverse DNS lookups will go to this custom group.
To create a custom Group DNS server for your internal DNS server:
1. Select Configuration > Network > DNS > Groups. The list of DNS groups displays.
2. Click New. The Create DNS Group dialog displays.
3. Enter a name for the DNS group.
4. Enter the servers (IPv4 or IPv6 addresses) and the domains for the group, and click OK. The custom group displays in the DNS Groups list.
5. Click Save.

Example:
Your proxy has Primary Group DNS server 22.214.171.124, which is an external DNS server.
You would like your proxy to perform reverse DNS lookups for your internal IPs via your internal DNS server.
Your internal DNS server: 10.10.10.10
Your internal network: 10.10.100.0/24

1. Select Configuration > Network > DNS > Groups. The list of DNS groups displays.
2. Click New. The Create DNS Group dialog displays.
3. Enter a name for the DNS group: "Internal".
4. Enter the server IP 10.10.10.10 and the domain 100.10.10.in-addr.arpa, and click OK.
5. Click Save.
Your proxy will now always send reverse DNS lookups for IPs in 10.10.100.0/24 to the Internal DNS group.
The DNS health check will fail unless you modify the Health Check settings to use an FQDN in the 10.10.100.0/24 subnet.
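As an added example (not part of the original article and not ProxySG tooling), this Python code derives the in-addr.arpa domain to enter for a subnet and checks which PTR query names fall under it, so you can confirm the group domain is neither too narrow nor too broad before saving. It assumes the group's domain is matched as a whole-label suffix of the query name; the function names are hypothetical.

```python
import ipaddress

def reverse_zones(cidr):
    """Return the in-addr.arpa domain(s) covering an IPv4 subnet."""
    # strict=True rejects input with host bits set, e.g. 10.10.100.5/24
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this example handles IPv4 (in-addr.arpa) only")
    if net.prefixlen == 0:
        return ["in-addr.arpa"]
    # in-addr.arpa names carry one label per octet, so round the prefix
    # up to /8, /16, /24 or /32; a /23 therefore needs two /24 domains.
    aligned = -(-net.prefixlen // 8) * 8
    parts = [net] if aligned == net.prefixlen else net.subnets(new_prefix=aligned)
    zones = []
    for sub in parts:
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def ptr_name(ip):
    """PTR query name for an address, e.g. 25.100.10.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def matches_group(ip, group_domains):
    """True if the PTR name for ip falls under one of the group's domains.

    Assumption: matching is a label-aligned suffix match, so
    0.10.10.in-addr.arpa does not capture 100.10.10.in-addr.arpa.
    """
    name = ptr_name(ip)
    return any(name == d or name.endswith("." + d) for d in group_domains)

if __name__ == "__main__":
    # Values from the article's example: internal network 10.10.100.0/24
    internal = reverse_zones("10.10.100.0/24")
    print("Domain(s) for the Internal group:", internal)
    # Constructed sample addresses: one inside the subnet, two outside it
    for ip in ("10.10.100.25", "10.10.101.25", "192.0.2.1"):
        print(ip, ptr_name(ip), "->",
              "Internal" if matches_group(ip, internal) else "primary")
    # The article's caveat: a bare in-addr.arpa domain captures everything
    print("192.0.2.1 with bare in-addr.arpa:",
          matches_group("192.0.2.1", ["in-addr.arpa"]))
```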
1. Edit DNS Server Health Check
Host: Use user defined Host
Type in a FQDN of one of the pointers (PTR), for instance:
Imported Document ID: 000008290