All Email Security Gateways, firmware versions 3.5.10.016 and above.
DNS servers relate domain names to IP addresses, and nearly all computers use them. Every time you go to a website by typing in the name of the site, unless it has been cached locally on your computer, it will use a DNS server to find the IP address of that website.
The Email Security Gateway is no exception, and many of its different spam checks rely on a responsive DNS server to remain efficient. To help reduce the load on your DNS server, Email Security Gateway firmware version 3.5.10.016 introduced DNS caching, allowing the Barracuda to store recent and frequent DNS lookups locally so that it would not need to query the configured DNS server with the same requests over and over. The Barracuda Spam Firewall will locally store (cache) these DNS records for a length of time specified by the TTL (time to live) value on the authoritative name server for each record, as will other devices that do DNS caching (including other DNS servers).
Unfortunately, DNS caching is a double-edged sword. It speeds up domain name resolution by storing recent answers, which means that it will also sometimes skip the normal resolution process. Because DNS servers cache answers until the TTL expires, it can take hours or even days for the entire Internet to recognize changes to DNS information for your domain name.
If you use internal DNS records, using DNS caching on the Email Security Gateway can cause problems - the Email Security Gateway may cache an external DNS record and use that instead. This is especially important when using hostnames, rather than IP addresses, to specify destination mail servers on the Email Security Gateway. In these cases, you would need to either use IP addresses to specify your destination mail servers (instead of hostnames), or only configure internal DNS servers on the Basic > IP Configuration page and set the Use Only These Servers? option to Yes. This will ensure that the Email Security Gateway will cache the appropriate IP addresses for your local mail server hostnames.
If the Use Only These Servers? option is set to No on the Basic > IP Configuration page, the Email Security Gateway will attempt to use external DNS records to resolve hostnames, even if internal DNS servers with internal records are configured.
Link to This Page: