I have two 4500B boxes configured in a cluster. Currently both are configured to use internal DNS (Windows) for internet site name resolution. Recently we upgraded the bandwidth of our internet circuits but couldn't see any change in browsing speed, and we suspect the issue is with DNS resolution. Being a remote site, our local Windows DCs are ADCs (additional DCs), whereas the primary DCs are located in the US with a latency of 230 ms. So I would like to configure our proxies with internet DNS IPs, preferably 18.104.22.168, so that DNS requests from the proxies exit at my site instead of going to corporate. Also, the proxies are configured to authenticate against AD for internet access. So I want to know how I can configure Web Gateway so that it uses the Windows DCs for LDAP/NTLM authentication and uses the external IP for DNS resolution.
MWG has a feature called "Conditional Forwarding" which can be configured on Configuration -> Domain Name Service. Here you can make a "split DNS" setup which will use Windows DCs for all internal domains you list and use 22.214.171.124 for everything else.
I enabled split DNS over the weekend but couldn't make it work, as I am getting a "Host cannot be resolved" error message. I would like to know whether we also need to configure reverse lookup in the configuration to make it work.
Where did you see "Host cannot be resolved"? When you tried to browse a web site, or somewhere else?
The only thing reverse DNS might be required for is NTLM when connecting to the Domain Controller. For browsing the internet there is no need for a reverse DNS configuration in the split DNS configuration. "Host cannot be resolved" generally means that MWG was unable to talk to any of the nameservers that were configured. When you enable split DNS MWG runs its own nameserver on localhost which has the configuration to talk to specific nameservers for some domains and redirect everything else to the "forwarders" (the external name servers). Probably there was something wrong in your split DNS configuration, I think finding out what went wrong requires more troubleshooting.
Did you try name resolution on the command line as well?
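The conditional-forwarding setup described above, written out as an added example rather than anything from the thread or the MWG UI: a split-DNS resolver listening on localhost, expressed as an ordinary BIND named.conf. The internal AD domain corp.example, the local DCs 10.1.0.10 and 10.1.0.11 on 10.1.0.0/24, and the external forwarders 203.0.113.53 and 203.0.113.54 are assumed placeholders; whether MWG runs BIND internally is not stated in the thread, this is only the shape of the configuration.

```conf
// Added example (not from the thread): split DNS via conditional forwarding.
// Assumed values: internal AD domain corp.example, local DCs 10.1.0.10 and
// 10.1.0.11 (subnet 10.1.0.0/24), external forwarders 203.0.113.53/.54.
options {
    listen-on { 127.0.0.1; };
    allow-query { 127.0.0.1; };
    recursion yes;

    // Anything not matched by a zone below leaves the site directly via the
    // external resolvers instead of crossing the 230 ms link to the US DCs.
    forwarders { 203.0.113.53; 203.0.113.54; };
    forward only;
};

// Internal AD domain: answered by the local DCs only. A forward zone also
// covers its subdomains, so the AD SRV records under _msdcs.corp.example
// used for LDAP/Kerberos discovery stay on the DCs and never reach the
// external forwarders.
zone "corp.example" {
    type forward;
    forward only;
    forwarders { 10.1.0.10; 10.1.0.11; };
};

// Reverse zone for the DC subnet. Not needed for web browsing, but PTR
// lookups of the DCs may be wanted for NTLM against the Domain Controller,
// so route them to the DCs rather than to the internet resolvers.
zone "0.1.10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 10.1.0.10; 10.1.0.11; };
};
```

The check to make after loading such a configuration is that an internal name and an external name are answered by different servers: the first must come back from a DC, the second from the forwarder, and a name that matches neither rule falls through to the global forwarders.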
I got the message when trying to browse after configuring split DNS in Web Gateway. But Web Gateway is able to resolve sites (name to IP) when I do an nslookup from the CLI. Also, at the same time I can see hits from Webwasher to the public DNS on port 53 in my firewall and internet router, but I couldn't browse the internet for some reason.
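To make "nslookup works, browsing does not" more precise, the added script below (mine, not from the thread) resolves each name three ways and prints the answers side by side: through every nameserver listed in /etc/resolv.conf (what nslookup on the box uses), through the split-DNS resolver on 127.0.0.1, and directly against the external forwarder (so a blocked port 53 can be told apart from a resolver misconfiguration). It also classifies the name as internal or external so you know which server should be answering. The internal zone corp.example and forwarder 203.0.113.53 are assumed placeholders; dig must be installed.

```shell
#!/bin/sh
# Added split-DNS check (not from the thread). Assumed placeholders below:
# change INTERNAL_ZONES and FORWARDER to match your site.
INTERNAL_ZONES="corp.example"
FORWARDER="203.0.113.53"

# Print the nameserver IPs from resolv.conf-style text read on stdin.
resolv_servers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Return 0 when NAME lies inside one of the zones given as further arguments,
# i.e. it must be answered by the Windows DCs rather than the forwarder.
is_internal() {
    name=${1%.}
    shift
    for zone in "$@"; do
        case "$name" in
            "$zone" | *."$zone") return 0 ;;
        esac
    done
    return 1
}

# Resolve NAME (A record) against SERVER; print FAIL when nothing answers
# within the timeout, which is what MWG reports as "Host cannot be resolved".
query() {
    out=$(dig +short +time=2 +tries=1 @"$2" "$1" A 2>/dev/null)
    if [ -z "$out" ]; then
        echo "FAIL"
    else
        echo "$out" | tr '\n' ' '
    fi
}

check() {
    name=$1
    if is_internal "$name" $INTERNAL_ZONES; then
        printf '%s is internal: must be answered via the DCs, not %s\n' "$name" "$FORWARDER"
    else
        printf '%s is external: expected to leave via %s\n' "$name" "$FORWARDER"
    fi
    # 1) the servers nslookup/getent on the box actually use
    for ns in $(resolv_servers < /etc/resolv.conf); do
        printf '  resolv.conf %-15s -> %s\n' "$ns" "$(query "$name" "$ns")"
    done
    # 2) the split-DNS resolver running on localhost
    printf '  localhost   %-15s -> %s\n' 127.0.0.1 "$(query "$name" 127.0.0.1)"
    # 3) the forwarder itself: FAIL here means port 53 is blocked upstream,
    #    FAIL only on 127.0.0.1 points at the split-DNS configuration
    printf '  forwarder   %-15s -> %s\n' "$FORWARDER" "$(query "$name" "$FORWARDER")"
}

# Usage: sh split_dns_check.sh www.example.com dc1.corp.example
for n in "$@"; do
    check "$n"
done
```

Run it with one external and one internal name; a FAIL on the localhost line alone, while the forwarder line answers, is the case the reply above describes, where MWG's own resolver could not reach a nameserver even though the box as a whole can.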