DNS Name Resolution

As iChain Proxy Services processes browser requests, it uses the DNS system to obtain the IP addresses of origin Web servers.

Since the DNS names in browser requests are not always straightforward, the proxy server tries various permutations to try and locate the Web server. As a result, DNS names ending with domain extensions other than .com, .org, and so on, are sometimes resolved in unexpected ways.

If users of your appliance are experiencing this problem, you can customize how the appliance resolves DNS names.

How the Appliance Resolves DNS Names

When the appliance receives a browser request, it creates a DNS query based on the URL in the request and sends the query to one of the DNS name servers defined for the appliance.

How the Appliance Formulates Subsequent DNS Queries

If the DNS name server can't resolve the query, the appliance formulates subsequent DNS queries based on the following:

• The appliance's domain name
• The appliance's R_APPEND.CFG file

For example, assume the following:

• The browser request URL is webserver.
• The appliance's domain name is acme.com.
• The appliance's R_APPEND.CFG file has the following content:

  www.%s.com
www.%s.ed
www.%s.org
www.%s.gov
www.%s.net
%s.com
%s.edu
%s.org
%s.gov
%s.net
www.%s

After the initial request fails, the appliance formulates subsequent requests as follows:

1. The appliance formulates a second query by appending the appliance's domain name to the URL as follows:

   webserver.acme.com

2. If this query fails, the appliance appends the appliance's subdomain name to the URL as follows:

   webserver.com

3. If this query fails, the appliance appends each entry in the R_APPEND.CFG file in the order listed until one of the following occurs:
   • The DNS server returns an IP address for the name.
   • The appliance's query options are exhausted and it returns a DNS error to the browser.

4. If a DNS name has already been tried, the appliance skips the query and moves to the next item in the list.

Continuing with the example, the appliance would submit the following queries, substituting webserver for the %s variable in the lines of the R_APPEND.CFG file.

www.webserver.com

www.webserver.edu

www.webserver.org

www.webserver.gov

www.webserver.net

webserver.edu

webserver.org

webserver.gov

webserver.net

www.webserver

Because webserver.com was tried previously, the appliance skips the sixth line (%s.com) in the R_APPEND.CFG file.

Modifying the R_APPEND.CFG File

To modify the R_APPEND.CFG file:

1. Start an FTP client on a workstation with access to the appliance.

   For help, see Starting an FTP Session with the Appliance.

2. Point the FTP client to one of the appliance's IP addresses.

3. Enter the following command:

   get /etc/proxy/appliance/config/user/r_append.cfg

   The file is transferred to the FTP client's default directory.

4. Referring to the example in How the Appliance Formulates Subsequent DNS Queries, modify the R_APPEND.CFG file using an ASCII editor.

   Ensure that the lines in your file reflect the query order and content you want the appliance to use when attempting DNS name resolution. For example, you might want to reorder the domains listed or include two-letter country codes in the list.

5. Use the put command to place the modified R_APPEND.CFG file back in \ETC\PROXY\APPLIANCE\CONFIG\USER on the appliance.

6. Restart the appliance.