This document describes how URL filtering on the Email Security Appliance (ESA) uses DNS lookups, how you can disable them, and what the impact of disabling them is.
Cisco recommends that you have knowledge of these topics:
URL filtering functionality on the Email Security Appliance (ESA).
Editing the configuration of your ESA.
The information in this document is based on Cisco ESA on AsyncOS version 9.7+.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
DNS lookup for URL filtering
On the ESA, URL filtering has two methods of retrieving the Web-Based Reputation Score (WBRS) for a URL:
DNS lookups: the ESA queries the Cisco-hosted URL filtering servers over DNS for the WBRS score of the URL. This information is updated in real time, which gives the most accurate and current WBRS score for a specific URL.
Local WBRS database: the ESA looks up the score in a local copy of the WBRS database hosted by Cisco. The database is updated incrementally from sensor data every 5 minutes, and the increments are downloaded to the ESA through the security update service.
Impact of disabling DNS lookup for URL filtering
Disabling DNS lookups for URL filtering removes the real-time WBRS score queries to the URL filtering servers. WBRS scores are instead taken for each URL from the local WBRS database, which is updated every 5 minutes, so a reputation change made in the last few minutes is not reflected until the next database update has been applied.
How to disable URL filtering DNS lookups
Note: DNS lookups for URL filtering can only be disabled in the CLI. The websecurityadvancedconfig command is machine-specific, so in a clustered deployment it is run on each appliance rather than at the cluster or group level. For every other question, press Enter to keep the current value shown in brackets, and run commit afterwards for the change to take effect.
ESA > websecurityadvancedconfig
Enter URL lookup timeout (includes any DNS lookup time) in seconds: >
Enter the URL cache size (no. of URLs): >
Do you want to disable DNS lookups? [N]> Y
Enter the maximum number of URLs that should be scanned: >
Enter the Web security service hostname: [v2.sds.cisco.com]>
Enter the threshold value for outstanding requests: >
Do you want to verify server certificate? [N]>
Enter the default time-to-live value (seconds): >
Do you want to rewrite all URLs with secure proxy URLs? [Y]>
Do you want to include additional headers? [N]>
Enter the default debug log level for RPC server: [Info]>
Enter the default debug log level for URL cache: [Info]>
Enter the default debug log level for HTTP client: [Info]>
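Because the command is machine-specific, the procedure above has to be repeated on every appliance. The following Python script is an added example written for this document, not Cisco's code: it drives the websecurityadvancedconfig dialog over SSH, answers Y only to the DNS-lookup question, keeps the bracketed default for everything else, and then runs commit. It assumes a paramiko invoke_shell() channel, that each question ends with ">", that Enter keeps the bracketed default, that the bare prompt looks like "ESA > ", and an assumed shape for the commit dialog. The FakeChannel class and the bracketed defaults in sample_dialog() are constructed test data, not output from a real appliance.

```python
"""Drive the ESA websecurityadvancedconfig dialog without typing the answers by hand.

Added example, not Cisco's own code. Assumptions: the CLI is reached over SSH with an
interactive shell (paramiko's invoke_shell()), every question ends with '>', pressing
Enter keeps the bracketed default, and the bare prompt looks like "ESA > ".
"""
import re

# The one question the procedure changes; the bracketed letter is the current setting.
DNS_QUESTION = re.compile(r"Do you want to disable DNS lookups\? \[([YN])\]>", re.I)
# Bare CLI prompt, e.g. "ESA > " or "esa.example.com> " (assumed shape; adjust to your appliance).
CLI_PROMPT = re.compile(r"^[\w.\-]+ ?> ?$")


def answer_for(block, want_dns_disabled=True):
    """Answer for one websecurityadvancedconfig question (block = text printed since the last answer).

    "" means press Enter and keep the bracketed default, so every other setting is left
    untouched. The DNS question is answered only when the current value differs from the target."""
    m = DNS_QUESTION.search(block)
    if m is None:
        return ""
    target = "Y" if want_dns_disabled else "N"
    return "" if m.group(1).upper() == target else target


def commit_answers(block, comment="Disable DNS lookups for URL filtering"):
    """Answers for `commit`: supply a change comment, keep defaults for anything else (assumed prompts)."""
    return comment if "comments" in block.lower() else ""


def run_dialog(chan, command, answer_fn, cli_prompt=CLI_PROMPT, max_reads=50):
    """Send `command`, answer each question with answer_fn until the bare CLI prompt returns.

    `chan` needs paramiko-style send(str) and recv(n) -> bytes. Returns the (question, answer)
    pairs that were sent, so the run can be logged or audited."""
    chan.send(command + "\n")
    transcript, buf = [], ""
    for _ in range(max_reads):
        buf += chan.recv(4096).decode("utf-8", "replace")
        block = buf.rstrip()
        if not block.endswith(">"):
            continue  # prompt not complete yet, keep reading
        buf = ""
        question = block.splitlines()[-1]
        if cli_prompt.match(question):
            return transcript  # back at "ESA > ": dialog finished
        answer = answer_fn(block)
        transcript.append((question, answer))
        chan.send(answer + "\n")
    raise RuntimeError("dialog did not return to the CLI prompt")


def disable_dns_lookups(chan):
    """The procedure from the page: change the setting, then commit so it takes effect."""
    changed = run_dialog(chan, "websecurityadvancedconfig", answer_for)
    committed = run_dialog(chan, "commit", commit_answers)
    return changed, committed


class FakeChannel:
    """Constructed stand-in for an SSH channel: prints one canned response per send()."""
    def __init__(self, responses):
        self._responses, self._out, self.sent = list(responses), b"", []

    def send(self, data):
        self.sent.append(data)
        self._out += self._responses.pop(0).encode() if self._responses else b""

    def recv(self, n):
        chunk, self._out = self._out[:n], self._out[n:]
        return chunk


def sample_dialog(dns_currently_disabled=False):
    """The page's websecurityadvancedconfig questions, followed by the bare prompt.
    Bracketed defaults are made-up placeholders: the page does not show them."""
    cur = "Y" if dns_currently_disabled else "N"
    return [
        "Enter URL lookup timeout (includes any DNS lookup time) in seconds: [15]> ",
        "Enter the URL cache size (no. of URLs): [500000]> ",
        f"Do you want to disable DNS lookups? [{cur}]> ",
        "Enter the maximum number of URLs that should be scanned: [100]> ",
        "Enter the Web security service hostname: [v2.sds.cisco.com]> ",
        "Enter the threshold value for outstanding requests: [50]> ",
        "Do you want to verify server certificate? [N]> ",
        "Enter the default time-to-live value (seconds): [30]> ",
        "Do you want to rewrite all URLs with secure proxy URLs? [Y]> ",
        "Do you want to include additional headers? [N]> ",
        "Enter the default debug log level for RPC server: [Info]> ",
        "Enter the default debug log level for URL cache: [Info]> ",
        "Enter the default debug log level for HTTP client: [Info]> ",
        "ESA > ",
    ]


# Assumed shape of the commit dialog (a comment prompt, then the bare prompt again).
COMMIT_DIALOG = ["Please enter some comments describing your changes:\n[]> ",
                 "Changes committed.\nESA > "]


if __name__ == "__main__":
    import getpass, sys
    import paramiko  # assumed to be installed: pip install paramiko
    host, user = sys.argv[1], sys.argv[2]
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    client.set_missing_host_key_policy(paramiko.RejectPolicy())  # never trust an unknown ESA key
    client.connect(host, username=user, password=getpass.getpass())
    chan = client.invoke_shell()
    run_dialog(chan, "", lambda _b: "")  # press Enter once to drain the banner and sync on the prompt
    for question, answer in sum(disable_dns_lookups(chan), []):
        print(f"{question!r} -> {answer or '<default>'}")
```

Run it as `python disable_dns_lookups.py esa.example.com admin` (the hostname is hypothetical). Every answer except the DNS-lookup question is an empty line, so the other settings shown in the transcript above keep their current values; if the appliance already shows [Y] for that question nothing is changed. Review the printed transcript, and confirm the result by running websecurityadvancedconfig again on the appliance.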