12 Replies. Latest reply on Sep 6, 2017 10:34 AM by ibra

    Configuration DNS (Url internal resolution)

    ibra

      Hello ,

       

       

       

      I'm a new user of McAfee Web Gateway. Can you help me, please? I have a problem with my new McAfee Web Gateway version 7.6.2 (appliance installed on a virtual machine).


      My MWG (McAfee Web Gateway) doesn't resolve internal domain names; I don't see where I misconfigured it.

       

       

      When I resolve an internal name with nslookup, the resolution is OK:

      ~]# nslookup
      > hostweb.toto.fr
      Server:         1.1.1.1
      Address:        1.1.1.1#53

      hostweb.toto.fr   canonical name = XXXXXX.toto.fr.
      Name:   XXXXXX.toto.fr
      Address: 11.11.11.11
      >

       

           • The Telnet "myDNS" 53 is OK from the MWG

       

       

           • In the "/etc/resolv.conf"

      A standard /etc/resolv.conf looks like this:

      ------------------------------------------

      ### BEGIN AUTOGENERATED CONFIG

      nameserver      127.0.0.1

      ### END AUTOGENERATED CONFIG

       

      • The "conditional DNS forwarder configuration" is OK (I configured 3 internal DNS servers)

      Conditional forwarding then is configured in /var/named/chroot/etc/named.conf.mwg.

      ------------------------------------------

       

      view "default" IN {
          max-cache-ttl 20000;
          max-ncache-ttl 50000;

          zone "." IN {
              type forward;
              forwarders {1.1.1.1;2.2.2.2;3.3.3.3;};
              forward only;
          };
          zone "toto.fr" IN {
              type forward;
              forwarders {1.1.1.1;2.2.2.2;3.3.3.3;};
              forward only;
          };
          zone "tata.fr" IN {
              type forward;
              forwarders {1.1.1.1;2.2.2.2;3.3.3.3;};
              forward only;
          };
      };

       

      ------------------------------------------

       

      So when I use the (internal) URL http://hostweb.toto.fr in my web browser, the URL fails.

       

      Could you help?

      Thanks
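An added example, not part of the original post and not McAfee or BIND code: a small parser for the forward zones in a `named.conf.mwg`-style file that reports which zone, and therefore which forwarders, a given hostname falls under. `SAMPLE_CONF` is constructed from the excerpt above; `parse_forward_zones` and `select_zone` are hypothetical helper names.

```python
import re

# Constructed sample: the forward zones from the named.conf.mwg excerpt above.
SAMPLE_CONF = '''
view "default" IN {
    max-cache-ttl 20000;
    zone "." IN { type forward; forwarders {1.1.1.1;2.2.2.2;3.3.3.3;}; forward only; };
    zone "toto.fr" IN { type forward; forwarders {1.1.1.1;2.2.2.2;3.3.3.3;}; forward only; };
    zone "tata.fr" IN { type forward; forwarders {1.1.1.1;2.2.2.2;3.3.3.3;}; forward only; };
};
'''

# A zone statement whose body may contain one level of nested braces.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"(?:\s+IN)?\s*\{([^{}]*(?:\{[^{}]*\}[^{}]*)*)\}\s*;')

def parse_forward_zones(conf):
    """Return {zone_name: {"forwarders": [...], "mode": "only"|"first"}}."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        if not ztype or ztype.group(1) != "forward":
            continue  # only forward zones matter here
        fwd = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
        mode = re.search(r'\bforward\s+(only|first)\s*;', body)
        servers = [s.strip() for s in fwd.group(1).split(";") if s.strip()] if fwd else []
        zones[name.rstrip(".").lower()] = {   # root zone "." is stored as ""
            "forwarders": servers,
            "mode": mode.group(1) if mode else "first",  # BIND's default
        }
    return zones

def select_zone(zones, qname):
    """Pick the most specific zone for qname, matching on whole labels."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) + 1):      # longest suffix first, root last
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate or ".", zones[candidate]
    return None, None

if __name__ == "__main__":
    zones = parse_forward_zones(SAMPLE_CONF)
    for host in ("hostweb.toto.fr", "www.tata.fr", "nottoto.fr", "example.com"):
        zone, cfg = select_zone(zones, host)
        print(f"{host:18} -> zone {zone!r:10} via {cfg['forwarders']} ({cfg['mode']})")
```

Matching is done on whole labels, so `nottoto.fr` falls through to the root zone rather than `toto.fr`.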

        • 1. Re: Configuration DNS (Url internal resolution)
          Peacekeeper

          Moved to Web Gateway for a better chance of help

          • 3. Re: Configuration DNS (Url internal resolution)
            Jon Scholten

            The example above is a bit inconsistent because you obfuscated the domain names and IPs. Also, I care more about what the GUI says than the CLI. The GUI should be the source of truth.

             

            Internal Domain: toto.fr

            Test Domain: hostweb.toto.fr

            toto.fr DNS Servers: 1.1.1.1, 2.2.2.2

            External DNS Servers: 8.8.8.8, 9.9.9.9

             

            Then this is what your MWG's DNS settings should look like:

             

            Then run the following tests against nslookup:

             

            Parameters (where 1.1.1.1, 2.2.2.2, 8.8.8.8, 9.9.9.9 are your actual DNS servers):

            • hostweb.toto.fr
            • hostweb.toto.fr 1.1.1.1
            • hostweb.toto.fr 2.2.2.2
            • hostweb.toto.fr 8.8.8.8
            • hostweb.toto.fr 9.9.9.9

             

             

            If your DNS settings don't look like what I have above, correct them and let us know the results.

             

            If your DNS settings DO look like what I have above, gather the DNS results.

             

            Best Regards,

            Jon

            • 4. Re: Configuration DNS (Url internal resolution)
              ibra

              Hello Jon,

               

              Thank you, I take note of your remark and I will get back to you quickly.

               

              Best Regards,

              Ibrahim

              • 5. Re: Configuration DNS (Url internal resolution)
                ibra

                Hello Jon,

                 

                My setting is like that (see screen below ...) but my MWG is configured as a relay.

                 

                ##McAfee Web Gateway##---------nexthop proxy------>##Proxy SG (Bluecoat)## -----------> internet

                 

                I don't configure External DNS Servers: 8.8.8.8, 9.9.9.9 but only internal DNS (192.X.X.36; 192.X.X.8; 192.X.X.7); see screen below

                 

                 

                 

                 

                 

                DNS result below:

                 

                 

                 

                 

                 

                 

                But I have this error in my browser:

                 

                Network Error (tcp_error)


                A communication error occurred: ""
                The Web Server may be down, too busy, or experiencing
                other problems preventing it from responding to requests. You may wish to try
                again at a later time.

                 

                Do you have an idea about this issue?

                 

                Thank you for your help and sorry for my English.

                • 6. Re: Configuration DNS (Url internal resolution)
                  ibra

                  Hello Jon,

                   

                  My setting is like that (see screen below ...) but my MWG is configured as a relay.

                   

                  ##McAfee Web Gateway##---------nexthop proxy------>##Proxy SG (Bluecoat)## -----------> internet

                   

                  I don't configure External DNS Servers: 8.8.8.8, 9.9.9.9 but only internal DNS (192.X.X.36; 192.X.X.8; 192.X.X.7); see screen below

                   

                  Conf_MWG.PNG

                  Below is the DNS result; it is the same result for the 3 DNS servers:

                   

                  DNS_result.PNG

                   

                   

                  But I have this error in my browser:

                   

                  Network Error (tcp_error)


                  A communication error occurred: ""
                  The Web Server may be down, too busy, or experiencing
                  other problems preventing it from responding to requests. You may wish to try
                  again at a later time.

                   

                  Do you have an idea about this issue?

                   

                  Thank you for your help and sorry for my English.

                  • 7. Re: Configuration DNS (Url internal resolution)
                    Jon Scholten

                    It looks like Web Gateway is operating as expected (DNS works fine). The error you showed is a clueboat error, not a MWG error.

                    • 8. Re: Configuration DNS (Url internal resolution)
                      ibra

                      Hello Jon,

                       

                      Thanks for your response.

                       

                      Yes, the DNS works well, but if this error came from the Bluecoat, why does the MWG forward a request that can be resolved by the internal DNS?

                       

                      Must a rule be installed in the URL filtering rules?

                       

                      I'll put a debug on my Bluecoat to see if the request was forwarded correctly.

                       

                      I will get back to you quickly.

                       

                      Thank you for your help and sorry for my English.

                      • 9. Re: Configuration DNS (Url internal resolution)
                        ibra

                        Hello Jon,

                         

                        My tcpdump on the Bluecoat confirms what you said: the error shown is a Bluecoat error.

                         

                        But I see a strange thing about the MWG tcpdump (see screen below ...)

                        192.X.X.247 is my MWG

                        192.X.X.8 is my DNS

                         

                        tcpdump.PNG

                        So "nslookup" works fine on my MWG.

                        Do you have an idea?

                         

                        Thank you for your help and sorry for my English.
