Symantec Access Management

  • 1.  DisableDNSLookup : SiteMinder ACO Parameter

    Posted Sep 08, 2017 09:29 AM

    Hi all,

     

    Does the DisableDNSLookup parameter concern only reverse DNS lookup, or does it also affect direct DNS lookup?

     

    In one of our environments we have DisableDNSLookup=no. We noticed that this parameter was doing direct DNS lookup as well.

    The web agent was receiving a request with the FQDN apache.abc.com.

    There was no entry for this host in /etc/hosts. The agent then tried resolving it via /etc/resolv.conf. But the DNS servers in resolv.conf were down at that time, and hence it resulted in slowness and unavailability of services. When we set DisableDNSLookup to yes, this issue was gone. But as per the article below, it looks like it only does reverse DNS lookup, i.e. IP to host resolution.

    Please suggest if the above issue was the result of DisableDNSLookup=no.

    Error in webagenttrace log, when DisableDNSLookup=no,

    [CSmHttpPlugin::DoDNSLookup ][Entered Function server: apache.abc.com, port: :80]
    [CSmHttpPlugin::DoDNSLookup ][addrinfo lookup failed Temporary failure in name resolution]
    [CSmHttpPlugin::DoDNSLookup ][Leaving Function]

     

    Referred Article:

    Web Agent :: ACO : DisableDNSLookup Precisions 

     

    Regards,

    Anurag



  • 2.  Re: DisableDNSLookup : SiteMinder ACO Parameter
    Best Answer

    Posted Sep 08, 2017 09:42 AM
    Hi Anurag,


    To my understanding it affects both.




  • 3.  Re: DisableDNSLookup : SiteMinder ACO Parameter

    Posted Sep 08, 2017 10:11 AM

    Ok, thanks!



  • 4.  Re: DisableDNSLookup : SiteMinder ACO Parameter

    Posted Sep 10, 2017 08:13 PM

    Hi Anurag,

     

    I double-checked this and can now confirm that setting DisableDNSLookup=yes disables both reverse (IP to hostname) and forward (hostname to IP) DNS lookups.

     

    I have also updated the KB article now.

     

    Regards,

    Ujwol
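
To find which hostnames a web agent failed to resolve during a resolver outage like the one in the first post, the quoted DoDNSLookup trace lines can be tallied and compared against /etc/hosts. This is an added example, not code from the vendor or from any poster; it assumes the trace line format shown in the post and non-interleaved calls, and the function names and sample hosts entries are constructed.

```python
import re
from collections import Counter

# Patterns follow the three trace lines quoted in the first post; any prefix
# columns a real webagenttrace log carries are ignored (assumption).
TAG = r"\[CSmHttpPlugin::DoDNSLookup\s*\]"
ENTER = re.compile(TAG + r"\[Entered Function server: (?P<host>[^,\]]+), port: :?\d+\]")
FAIL = re.compile(TAG + r"\[addrinfo lookup failed (?P<reason>[^\]]+)\]")
LEAVE = re.compile(TAG + r"\[Leaving Function\]")

def dns_failures(trace_lines):
    """Count failed lookups per (host, reason); assumes non-interleaved calls."""
    failures, current = Counter(), None
    for line in trace_lines:
        if m := ENTER.search(line):
            current = m["host"].strip().lower()
        elif (m := FAIL.search(line)) and current:
            failures[(current, m["reason"].strip())] += 1
        elif LEAVE.search(line):
            current = None  # lookup finished; next failure needs a new entry line
    return failures

def hosts_file_names(hosts_text):
    """Return every name that has a static entry in /etc/hosts-style text."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        names.update(n.lower() for n in fields[1:])  # fields[0] is the address
    return names

def unresolved_without_static_entry(trace_lines, hosts_text):
    """Hosts whose lookups failed and that depend solely on the DNS resolvers."""
    static = hosts_file_names(hosts_text)
    return sorted({h for (h, _reason) in dns_failures(trace_lines) if h not in static})

# Constructed sample: the post's three lines twice, plus one clean lookup.
SAMPLE_TRACE = [
    "[CSmHttpPlugin::DoDNSLookup ][Entered Function server: apache.abc.com, port: :80]",
    "[CSmHttpPlugin::DoDNSLookup ][addrinfo lookup failed Temporary failure in name resolution]",
    "[CSmHttpPlugin::DoDNSLookup ][Leaving Function]",
] * 2 + [
    "[CSmHttpPlugin::DoDNSLookup ][Entered Function server: intranet.abc.com, port: :80]",
    "[CSmHttpPlugin::DoDNSLookup ][Leaving Function]",
]
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.0.0.5 intranet.abc.com intranet  # constructed\n"

if __name__ == "__main__":
    for (host, reason), count in dns_failures(SAMPLE_TRACE).items():
        print(f"{count:4d}  {host}  {reason}")
    print("no /etc/hosts entry:", unresolved_without_static_entry(SAMPLE_TRACE, SAMPLE_HOSTS))
```

A host that appears in the second list is resolved only through the servers in /etc/resolv.conf, so every request for it stalls while those servers are down unless DisableDNSLookup=yes is set or a static entry is added.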