When attempting to use the DNS proxy we found some interesting results.
ASL attempts by nature to access the root.servers for its DNS results.
EX: 128.8.10.90, 192.5.5.241, etc
When we went into Proxies - DNS we saw that the DNS proxy was disabled by default.
So we enabled it and put in our internal DNS server.
Performing a tcpdump on the ASL box we saw that traffic stopped looking to root.servers and looked properly to our DNS server.
Now the bug:
When we went and DISABLED the dns proxy (putting it back to it's default setting) traffic did not resume looking to root.servers. It continued to look to our internal DNS server.
We had to re-enable, and REMOVE our dns entry, for it to go back to looking to internet root.servers.
When we clicked disable, at that point ASl should have looked to the internet root.servers for their DNS.
As it currently is in 4.737 you can't have entries in the Proxy DNS, *and* have it disabled and expect it to look to internet root.servers.
The Proxy DNS record table has to be empty.
And one final note. With the Proxy DNS enabled, but an empty record table, it resumes looking for root.servers.
End result:
The record table must be empty, and it's enabled/disabled status has no bearing on where it looks for it's DNS.
With the Proxy DNS record table populated, enabled/disabled also has no bearing on where it looks.
