DNSMatcher retrieves the IP addresses of domain names. This can be used in domain name based policy decisions, for example to allow encrypted connections only to trusted e-banking sites. If the IP address of the name server is not specified in the Section 5.3, Managing client-side name resolution for details).
field, the name server set in the component is used (seeDomain name resolution is completed on-demand basis at each PNS startup by default, so that unnecessary slowdown with the startup can be avoided. In order to have domain name resolution at each startup, the resolve_on_init
parameter has to be checked in.
Note |
---|
Note that in case the zones or the matchers contain unresolvable elements, it may increase the waiting time for a timeout. |
It is recommended to have a locally installed caching DNS service which is capable of providing fast responses, monitored with the used domains.
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu