It's about a AsyncOS7.5 on Ironport S360.
I realized that the proxy which is configured as a forward proxy always resolves
the URL names.
In my opinion that's totally unnecessary.
This is actually the job of the last proxy in the chain which has to deliver the request to the web server (ip address).
How can I stop it?
The appliance will resolve the URL names to get its IP address for WBRS scoring purposes.
I haven't tested to see if turning off the WBRS feature will stop these lookups. But I would think there may be more services that require the IP address to function correctly.
Edit: You may want to try to adjust this configuration to see if it helps in the CLI:
Choose a parameter group:
- AUTHENTICATION - Authentication related parameters
- CACHING - Proxy Caching related parameters
- DNS - DNS related parameters
- EUN - EUN related parameters
- NATIVEFTP - Native FTP related parameters
- FTPOVERHTTP - FTP Over HTTP related parameters
- HTTPS - HTTPS related parameters
- SCANNING - Scanning related parameters
- MISCELLANEOUS - Miscellaneous proxy related parameters
Enter values for the DNS options:
Enter the URL format for the HTTP 307 redirection on DNS lookup failure.
Would you like the proxy to issue a HTTP 307 redirection on DNS lookup failure?
Would you like proxy not to automatically failover to DNS results when upstream proxy (peer) is unresponsive?
Find web server by: 0 = use DNS answers in order, 1 = use client supplied address then DNS, 2 = use client supplied address for next hop
connection, DNS for Web Reputation, 3 = use client supplied address for next hop connection and Web Reputation (Warning: Destination IP based
policies will still use DNS).
Might consider trying option #1 or #3. Don't forget to 'commit' the changes.