Enabled 'Host DNS Verification' setting for "SUSPECTLIST" Sender Group

pbabu6001 · ‎02-06-2017

Hi All,

I am facing high workqueue and CPU utilization issue on C670 IronPort server. Does below solution will help to resolve this issue (Not completely, at least somewhat).

Solution: Disable "Host DNS Verification setting for "SUSPECTLIST" Sender Group.

We have Order as below:

Order 1: WHITELIST

Order 2: BLACKLIST

Order 3: SUSPECTLIST (Enabled all 3 Connecting Host DNS verification)

Order 4: UNKNOWNLIST

Find the below results which are came at peak hours:

UNKNOWNLIST - 99.4k

BLACKLIST - 99k

SUSPECTLIST - 17k

WHITELIST - 5.5k

Thank you!!

Libin Varghese · ‎02-06-2017

Hi,

I do not think this would change CPU usage by a large extent unless you have being seeing delays in DNS responses from the configured DNS servers.

I would recommend starting with command "status detail" to check what is currently utilizing CPU and "displayalerts" to see if there were any recent errors.

If you use URL filtering ensure the configuration is updated as per recommendation in the below field notice.

http://www.cisco.com/c/en/us/support/docs/field-notices/641/fn64111.html

Also below article is helpful in understanding CPU load.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200468-High-CPU-utilization-after-upgrading-ESA.html

Thanks

Libin Varghese