Messaging Gateway

  • 1.  Defining DNS inside the SBG

    Posted May 19, 2010 03:02 PM
    Hi,

    I want some information about the differences between the configuration of Use Internal DNS and Use External DNS. I know the differences, but if I choose the Use Internal DNS server, how does the system know who those internal DNS servers are, or does the SBG provide this service itself? Then, when the system resolves an external address, how does this work? This information is necessary if the SBG is in the internal LAN, because we need to open certain ports in the firewall.
    Carlos.
    Now I have problems using the internal DNS of my LAN, because when they resolve an external address they forward to other DNS servers and then to the external ones, and this situation creates queues of emails when the system is processing too many messages. Which is the best solution in these cases? If I put an external DNS, how can the SBG (which is in the LAN) resolve names of the LAN?

    Regards,

    Carlos


  • 2.  RE: Defining DNS inside the SBG

    Posted May 19, 2010 04:55 PM

    What version of SBG are you using?
    Define "too many messages"

    If you use an external DNS source, you will not be able to resolve internal hostnames or private MX records within your network.  You'd need to specify IP addresses instead of hostnames for all your local domains.  SBG 9 allows multiple IPs in more places.  If you are using DNS round robin (host name points to multiple IPs) for load balancing this could be an issue.

    It looks like your internal DNS is not effectively caching for the volume of e-mails you are receiving.  Try turning off "Enable reverse DNS lookup" on your scanner(s) under Admin / Configure / Scanner name / SMTP / Advance Settings / Inbound tab.

    This will stop SBG from resolving the IPs of all the spammers talking to your scanner(s).


  • 3.  RE: Defining DNS inside the SBG

    Posted May 19, 2010 06:59 PM

    Version: 8.0.3-11
    Too many messages: when the system needs to process many messages, the requests to the DNS server create queues of messages, and in the server log I can see many errors of "DNS txt query for...". The queue has more than 1000 messages in IN as well as OUT. This creates timing problems when the appliance needs to send outbound messages (the same as when receiving them).


    I think that turning off the "Enable reverse DNS lookup" may be a good option.

    But the origin of my discussion: what does internal DNS mean? (in the configuration of SBG)



  • 4.  RE: Defining DNS inside the SBG

    Posted May 20, 2010 12:38 AM
    By too many - I mean is 100 too many, 10,000?  What volume causes the issue?  I'm in a very large organization and see 10 million messages per day and don't have DNS load issues.

    Internal/external DNS - You got me - Symantec needs to answer that one!  I see the Admin guide isn't any help either.

    What's the difference between Use internal DNS server vs Use the following external DNS servers?  And why would I pick one over the other?  I've always blindly used "use the following external DNS servers" and then spec'd my internal servers.  Since the Use Internal can only specify a port, how does the box FIND my internal server (and from a DMZ no less!)? (DHCP request to get DNS list?)


  • 5.  RE: Defining DNS inside the SBG
    Best Answer

    Posted May 20, 2010 11:33 AM
    I’ve been thinking about this.  Here is my theory of operations based on looking at some packet captures.
     
    Use Internal DNS - says that the scanner should talk to the Internet for DNS resolution:

    • Enables a local “bind” instance.
    • Might provide caching services
    • Has Root Zone DNS hint file
    • Returns answers using recursion via public root DNS servers.
    • Does not see private (company internal) DNS.
    • Breaks any scanner settings that use privately defined host names (e.g. next hop inbound, LDAP, etc)
    • Should be renamed to “Use on-scanner DNS server against Public (internet) DNS”
     
    Use External DNS:
    • Queries the named off-box DNS servers - either your company's inside DNS, or your ISP's
    • No on-box caching services
    • Resolves using the DNS View provided by the specified DNS servers
    • May resolve differently than what public DNS would provide
    • Should be renamed – “Use these specific DNS servers”

    Selecting the "Use Internal" option will BREAK any settings for your internal network where you used a hostname instead of an IP address.  e.g. if you spec'd a local domain and said route mail to MyExchange.example.com, this would fail. You would need to specify the IP address of MyExchange instead.

    Please mark as Solution if this works for you.
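As an added example (not from this thread or from Symantec), here is a small Python audit that models the two modes exactly as the post above describes them and flags scanner settings that reference private hostnames, which would stop resolving after selecting Use Internal DNS. The mode keys, the contents of each DNS view and the sample settings are all constructed for illustration.

```python
"""Audit scanner settings before switching SBG DNS modes (added example).

Per the thread: "Use Internal DNS" runs an on-box recursive resolver against
the public root servers, so it only sees the public DNS view; "Use External
DNS" forwards to the servers you name, so it sees their (internal) view.
"""
import ipaddress

# Constructed sample data: hostnames answerable in each DNS view.
PUBLIC_VIEW = {"mx.example.com", "smtp.isp.example.net"}          # constructed
INTERNAL_VIEW = PUBLIC_VIEW | {"myexchange.example.com",          # constructed
                               "ldap.corp.example.com"}

# Hypothetical mode keys -> the DNS view the scanner will actually see.
VIEW_FOR_MODE = {
    "use_internal_dns": PUBLIC_VIEW,    # on-box BIND recursing from root hints
    "use_external_dns": INTERNAL_VIEW,  # forwards to the named off-box servers
}


def normalize_target(target: str) -> str:
    """Strip an optional ':port' and trailing dot, and lower-case the host."""
    host = target.strip()
    if host.count(":") == 1:            # 'host:25'; bare IPv6 has more colons
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".").lower()


def is_ip_literal(host: str) -> bool:
    """IP literals never depend on DNS, so they work in either mode."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def can_resolve(target: str, mode: str) -> bool:
    """True if the scanner could resolve `target` under the given DNS mode."""
    host = normalize_target(target)
    return is_ip_literal(host) or host in VIEW_FOR_MODE[mode]


def audit_settings(settings: dict, mode: str) -> list:
    """Names of settings whose targets would fail to resolve under `mode`."""
    return sorted(name for name, target in settings.items()
                  if not can_resolve(target, mode))


# Constructed scanner settings of the kind the thread mentions.
SAMPLE_SETTINGS = {
    "next_hop_inbound": "MyExchange.example.com:25",
    "ldap_server": "ldap.corp.example.com",
    "public_mx_fallback": "mx.example.com.",
    "relay_by_ip": "10.0.0.5",
}

if __name__ == "__main__":
    for mode in VIEW_FOR_MODE:
        print(mode, "breaks:", audit_settings(SAMPLE_SETTINGS, mode) or "nothing")
```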


  • 6.  RE: Defining DNS inside the SBG

    Posted May 20, 2010 12:10 PM

    Symantec has confirmed the above difference between "Use Internal" and "Use External". 


  • 7.  RE: Defining DNS inside the SBG

    Posted Jun 17, 2010 12:36 PM
    Thanks to all.