The InterScan Web Security Virtual Appliance (IWSVA) web console only allows to specify two DNS servers. Machines on other domains cannot open URLs when passing through IWSVA proxy due to DNS resolution issues.
This article provides the steps on how to manually add DNS servers to be setup for IWSVA.
On the web console, DNS server settings are configured in:
-
Administration > Network Configuration > Network Interface
-
Go to the IPv4 Protocol tab and under IPv4 Miscellaneous Setting and configure the two DNS servers:
- Primary DNS server
- Secondary DNS server
If your environment requires additional DNS servers to be set-up for IWSVA (ex. using multiple domains with individual DNS servers), these servers may be added by using the CLI and verified though the custom command line interface shell CLISH.
-
Add the DNS servers manually using CLI:
- Log in to IWSVA CLI as root.
-
Enter “vi /etc/resolv.conf” using vi editor to add DNS servers to resolv.conf file.
- Press the “Insert” key or letter “I” to enable editing.
-
Add the DNS servers using the following format:
nameserver <ip_address>
For example: nameserver 8.8.8.8
- Press the “Esc” key to exit editing mode.
-
Enter “:wq!” to save the file and exit vi editor.
You can also add more than two (2) DNS entries in the /etc/resolv.conf file, as explained in the KB article: Configure IP address settings in InterScan Web Security Virtual Appliance (IWSVA).
-
Verify that IWSVA registers the configured DNS servers via CLISH:
- Log in to IWSVA CLI as root.
- Enter “clish" to go to CLISH interface.
- Enter “enable” to enable privileged mode.
- Enter “show network dns” to display registered DNS server.
-
Verify that your servers are listed as DNS1, DNS2, DNS3, etc.
-
Restart the network service:
- Enter “exit” to leave CLISH privileged mode.
- Enter “exit” again to leave CLISH and go back to CLI.
-
Enter “service network restart” to restart the network service.
