What is the default DNS cache expiration time in the Bluecoat ProxySG appliance and How can I change it?

Q: What is the default DNS cache expiration time?

A: Whether or not a DNS query cached is based on the response from the respective DNS server(s):

If DNS responds that the query is non-cacheable, the cache time-to-live (TTL) is set to 0.

If DNS responds that the query is cacheable, the cache TTL is set to a value in seconds.

Example Blue Coat ProxySG:

Blue Coat SG210 Series#test dns www.stgeorge.com.au

Performing DNS lookup for: www.stgeorge.com.au

Sending A query for www.stgeorge.com.au to 10.105.12.36.

DNS Response data:
Official Host Name: www.stgeorge.com.au
Resolved Addresses: 203.23.44.40
Cache TTL: 0, cache MISS
DNS Resolver Response: Success

Blue Coat SG210 Series#test dns stgeorge.com.au

Performing DNS lookup for: stgeorge.com.au

Sending A query for stgeorge.com.au to 10.105.12.36.

DNS Response data:
Official Host Name: stgeorge.com.au
Resolved Addresses: 203.16.39.40
Cache TTL: 7200, cache MISS
DNS Resolver Response: Success

Q: Can I change the DNS cache expiration time on the appliance?

A: You cannot change the DNS cache expiration time on the appliance.

By default, the ProxySG appliances caches negative DNS responses sent by the DNS server. You can configure the length of time, or the time-to-live (TTL) value, for which a negative DNS response is cached. By default, the ProxySG appliance uses the TTL value set on the DNS server.

To modify the time for caching of negative responses, use the following command from the (config) prompt:

SGOS#(config) dns negative-cache-ttl-override

– where the seconds field accepts any integer between 0 and 600 seconds.

– setting the TTL setting to a non-zero value overrides the TTL value from the DNS response.

To disable caching of negative responses, use the following command from the (config) prompt:

SGOS#(config) dns negative-cache-ttl-override 0

– setting the TTL value to 0 seconds disables negative DNS caching.

To restore the default value for caching DNS negative responses, use the following command from the (config) prompt):

SGOS#(config) dns negative-cache-ttl-override seconds

Sponsored Link

Leave a comment

Your email address will not be published. Required fields are marked *