DNS settings

Try the following procedures to verify that your DNS settings are not causing performance to deteriorate.

  • Verify that the DNS settings for the servers are correct by using nslookup in Windows or UNIX-based systems. If the nslookup returns an error you need to reconfigure your DNS settings. If nslookup times out, make sure that the firewall allows port 53 UDP/TCP.
  • Reverse DNS lookups are used to resolve an IP address into a fully qualified domain name. The domain name is used for logging purposes and for applying access rules that specify a host name instead of an IP address. Reverse DNS lookups might cause server performance to deteriorate since a series of requests through the DNS name server tree is made each time.
  • To disable reverse DNS lookups for the FTP server and the HTTP server:
    1. Open the SecureTransport Administration Tool in a web browser and log in as the administrator.
    2. Select Setup > Miscellaneous.
    3. For FTP Reverse DNS Lookups and HTTP Reverse DNS Lookups, choose Reverse DNS lookups disabled.
    4. Click Apply.

  • To disable DNS lookups for Administration Tool server:
    1. Open the SecureTransport Administration Tool in a web browser and log in as the administrator.
    2. Select Operations > Server Configuration.
    3. Search for the Admin.ReverseDNSLookup system configuration parameter.
    4. Click the Edit icon ( ) in the Edit column, type Off in the Value column, and click the Save icon ( ) in the Edit column.
    5. Restart the server.

  • If you need to use reverse DNS lookups, make sure that the DNS path is not blocked by a firewall. Firewalls can block the DNS path when SecureTransport is in the peripheral network (DMZ). Try one of the following workarounds to allow access through the firewall:
    • Allow SecureTransport access to port 53 TCP/UDP.
    • Include a hosts file entry for every computer using the Administration Tool.
    • Connect to the Administration Tool through a proxy, and put a host file entry for just the proxy.
  • In some cases, SecureTransport performs NIS lookups for users and groups, even when real users are disabled in SecureTransport. If there is a large number of users defined in NIS, server performance can deteriorate. To work around the issue, take the computer out of NIS.

Related topics:

Related Links