"DNS Error for hostname mismatch" does not work on the Linux Access Gateway

  • 3933131
  • 12-Feb-2007
  • 05-Jun-2013


Novell Access Management 3 Linux Access Gateway
Access Manager 3 Interim release 1 (nam3ir1.tar.gz) applied


Configured a reverse proxy listening on a specific IP address e.g. This resolved to a DNS host entry of www.mylag.com. Under the Web settings for this reverse proxy, the option "DNS Error for hostname mismatch" was disabled so that no error would be returned if a browser generated a Host header in the request to the revers proxy that did NOT patch the DNS name of the service.

When another DNS host entry was added e.g. www.mylag2.com that also resolved to the IP address, and a browser request for http://www.mylag2.com was generated, the following error was returned indicating that the above DNS hostname mismatch setting did not work.

Your request cannot be processed for this multi-homed web site because the specified host could not be located.

Status Description: 500 Internal Server Error

If this condition persists, please contact your network adminstrator.


Fixed in 3.0 SP2.

To workaround the issue, make sure there are no entries in the DNS database that map multiple reverse proxy service host entries to the same IP address.

Note that the NetWare Access Gateway does not have this issue.

Additional Information

to dup:

1. create a Hosts file with following entries: www.slc.da.com www.da.com w3.da.com

Configure Proxy Service web.da.com on to internal web server www.slc.da.com, Web Server IP

2. disable "DNS Error for hostname mismatch"
3. create a public protected resource
4. Generate a browser request to http://www.da.com, which should be fine, but a browser request generated to http://w3.da.com incorrectly returns DNS host name mismatch error.