The ProxySG first checks all the DNS groups for a domain match, using domain-suffix matching to match a request to a group.
- If there is a match, the servers in the matched group are queried until a response is received; no other DNS groups are queried.
- If there is no match, the ProxySG selects the Primary DNS group.
The ProxySG sends requests to DNS servers in the Primary DNS server group in the order in which they appear in the list. If a response is received from one of the servers in the Primary group, no attempts are made to contact any other Primary DNS servers.
If none of the servers in the Primary group resolve the host name, the ProxySG sends requests to the servers in the Alternate DNS server group. (If no Alternate servers have been defined, an error is returned to the client.)
- If a response is received from a server in the Alternate group list, there are no further queries to the Alternate group.
- If a server in the Alternate DNS server group is unable to resolve the host name, an error is returned to the client, and no attempt is made to contact any other DNS servers.
The Alternate DNS server is not used as a failover DNS server. It is only used when DNS resolution of the Primary DNS server returns a name error. If the query to each server in the Primary list times out, no alternate DNS server is contacted.