Caching DNS
You configure DNS caching in the Branch Services page. By default, the DNS cache is disabled.
The caching DNS name server resolves hostnames to IP addresses and stores the results locally on the appliance. When a client application such as a browser requests a hostname, the appliance first checks the local cache before querying an external name server. If the hostname has already been resolved, it returns the cached IP address.
This is a non-transparent DNS caching service: client machines must be configured to use the client-side appliance as their DNS server.
Hosting the DNS name server function provides:
•   Improved performance for applications by saving the round trips previously needed to resolve names. Whenever the name server receives address information for another host or domain, it stores that information for a specified period of time. That way, if it receives another name resolution request for that host or domain, the name server has the address information ready, and does not need to send another request across the WAN.
•   Improved performance for services by saving round trips previously required for updates.
•   Continuous DNS service locally when the WAN is disconnected, with no local administration needed, eliminating the need for DNS servers at branch offices.
For details about DNS caching, see the SteelHead Management Console User’s Guide for SteelHead CX.
The Branch Services page contains the following groups of settings:
•  General Settings
•  DNS Forwarding Name Servers
•  Advanced Cache
•  Advanced Name Servers
General Settings
Complete the configuration as described in this table.
Control
Description
Enable Caching DNS
Enabled - Forwards name resolution requests to a DNS name server, then stores the address information locally in the SCC. By default, the requests go to the root name server, unless you specify another name server.
Disabled - Stops the SCC from acting as the DNS name server.
DNS Cache Size (bytes)
Specifies the cache size, in bytes. The default value is 1048576. The range is from 524288 to 2097152.
Primary Interface Responding to DNS Requests
Enabled - Enables the name server to listen for name resolution requests on the primary interface.
Disabled - Stops the name server from using the primary interface.
Aux Interface Responding to DNS Requests
Enabled - Enables the name server to listen for name resolution requests on the auxiliary interface.
Disabled - Stops the name server from using the auxiliary interface.
Apply
Applies your settings.
DNS Forwarding Name Servers
Complete the configuration as described in this table.
Control
Description
Add a New DNS Server Name
Displays the controls to add a DNS name server to which the SCC forwards requests and whose responses it caches. If you enable caching DNS without specifying any forwarding name servers, the SCC forwards requests only to the Internet root name servers. You can add multiple name servers; if one does not respond, the SCC fails over to the next.
Name Server IP Address
Specify an IP address for the name server.
Position
Specify the order in which the name servers are queried (when more than one is configured). If the first name server, or forwarder, does not respond, the SteelHead queries each remaining forwarder in sequence until it receives an answer or until it exhausts the list.
Add
Adds the name server.
Advanced Cache
Complete the configuration as described in this table.
Control
Description
Caching of Forwarded Responses
Enables caching of forwarded responses. The cache is enabled by default; however, nothing is actually cached until you enable Caching DNS in the General Settings.
Maximum Cache Time (seconds)
Specify the maximum number of seconds the name server stores the address information. The default setting is one week (604,800 seconds). The minimum is 2 seconds and the maximum is thirty days (2,592,000 seconds). You can adjust this setting to reflect how long the cached addresses remain up-to-date and valid.
Note: Changes to this setting affect new address information and do not change responses already in the cache.
Minimum Cache Time (seconds)
Specify the minimum number of seconds that the name server stores the address entries. The default value is 0. The maximum value is the current value of Maximum Cache Time.
Typically there is no need to adjust this setting.
Note: Changes to this setting affect new responses and do not change any responses already in the cache.
Neg DNS Maximum Cache Time (seconds)
Specify the maximum number of seconds that a negative response (a name that could not be resolved) is cached. The valid range is from 2 seconds to thirty days (2,592,000 seconds). The default value is 10,800 seconds.
A negative entry occurs when a DNS request fails and the address remains unresolved. When a negative entry is in the cache, the appliance does not request it again until the cache expires, the maximum cache time is reached, or the cache is cleared.
Neg DNS Minimum Cache Time (seconds)
Specify the minimum TTL for a negative entry: the cached TTL is always this value or higher, even if the server returns a smaller TTL. For example, when this value is set to 300 seconds and a client queries aksdfjh.com, the DNS service returns a negative answer with a TTL of 100 seconds, but the DNS cache stores the entry with a TTL of 300 seconds. The default value is 0, which means the SteelHead still caches negative responses but places no lower bound on their TTL.
Freeze Cache
Freezes the cache contents. When the cache is frozen, entries do not automatically expire from the cache. They are still returned in response to DNS queries. This is useful to keep local services available when the WAN is disconnected. By default, this setting is disabled.
Note: When the cache is frozen and full, entries can still be pushed out of the cache by newer entries.
Minimum TTL of a Frozen Entry (seconds)
Specify the minimum TTL in seconds that a response from a frozen cache has when sent to a branch office client. The default value is 10. For example, suppose this value is set to 60 seconds. At the time the cache is frozen, the cache entry for riverbed.com has a TTL of 300 seconds. For subsequent client requests for riverbed.com, the service responds with a TTL of 300 seconds minus however much time has lapsed since the cache freeze. After 240 seconds have elapsed, the service responds to all subsequent requests with a TTL of 60 seconds regardless of how much time elapses, until the cache is unfrozen.
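As an added example (not Riverbed's code), the following Python models the TTL rules from this table: how a forwarded response's TTL is clamped by the positive and negative cache-time settings, and the floor applied to responses served from a frozen cache. The CachePolicy field names are hypothetical; the defaults are the ones listed above.

```python
"""Model of the Caching DNS TTL rules in the Advanced Cache table (added
example, not Riverbed code; the field names are hypothetical and the
defaults are the ones the table gives)."""
from dataclasses import dataclass


@dataclass
class CachePolicy:
    max_cache_time: int = 604_800     # Maximum Cache Time, default one week
    min_cache_time: int = 0           # Minimum Cache Time
    neg_max_cache_time: int = 10_800  # Neg DNS Maximum Cache Time
    neg_min_cache_time: int = 0       # Neg DNS Minimum Cache Time
    frozen_min_ttl: int = 10          # Minimum TTL of a Frozen Entry


def stored_ttl(policy: CachePolicy, server_ttl: int, negative: bool) -> int:
    """TTL the cache stores for a newly forwarded response.

    Positive answers are clamped into [min_cache_time, max_cache_time],
    negative answers into [neg_min_cache_time, neg_max_cache_time]. Per the
    Notes above, changing the policy later does not touch entries already stored."""
    if negative:
        lo, hi = policy.neg_min_cache_time, policy.neg_max_cache_time
    else:
        lo, hi = policy.min_cache_time, policy.max_cache_time
    return max(lo, min(hi, server_ttl))


def frozen_response_ttl(policy: CachePolicy, ttl_at_freeze: int, elapsed: int) -> int:
    """TTL handed to a branch client from a frozen cache.

    The entry counts down from its TTL at freeze time but never drops below
    frozen_min_ttl and never expires while the cache stays frozen."""
    return max(policy.frozen_min_ttl, ttl_at_freeze - elapsed)


if __name__ == "__main__":
    # The two worked examples from the table above
    neg = CachePolicy(neg_min_cache_time=300)
    print("aksdfjh.com stored negative TTL:", stored_ttl(neg, 100, negative=True))  # 300
    frozen = CachePolicy(frozen_min_ttl=60)
    for t in (0, 100, 240, 600):  # 300, 200, 60, 60
        print(f"riverbed.com TTL {t}s after freeze:", frozen_response_ttl(frozen, 300, t))
```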
Advanced Name Servers
Complete the configuration as described in this table.
Control
Description
For Unresponsive Name Servers
Detects when one of the name servers is not responding and sends requests to a responsive name server instead.
Forwarder Down After (seconds)
Specify how many seconds can pass without a response from a name server until the appliance considers it unresponsive. The default value is 120. When the name server receives a request but does not respond within this time and does not respond after the specified number of failed requests, the appliance determines that it is down. It then queries each remaining forwarder in sequence until it receives an answer or it exhausts the list. When the list is exhausted and the request is still unresolved, you can specify that the SteelHead try the root name server.
Forwarder Down After (requests)
Specify how many requests a name server can ignore before the appliance considers it unresponsive. The default value is 30. When the name server does not respond to this many requests and does not respond within the specified amount of time, the appliance determines that it is down. It then queries each remaining forwarder in sequence until it receives an answer or it exhausts the list. When the list is exhausted and the request is still unresolved, you can specify that the SteelHead try the root name server.
Retry Forwarder After (seconds)
Specify how long, in seconds, the appliance forwards name resolution requests to responding name servers instead of to name servers it considers down. At the same interval, the appliance sends a single query to each down name server; if it responds, the appliance considers it back up. The default value is 300: with that value, a request is allowed to reach a forwarder considered down about every 300 seconds until it answers one.
Fallback to Root Name Servers
Forwards the request to a root name server when all other name servers have not responded to a request. This is the default setting; either this option must be enabled or a server must be present. When the fallback to root name servers option is disabled, the SteelHead only forwards a request to the forwarding name servers listed above. If it exhausts these name servers and does not get a response, it does not forward the request to a root name server and returns a server failure.
Note: If the name servers used by the SteelHead are internal name servers (that is, they can resolve hostnames that external name servers such as the Internet DNS root servers cannot), you must disable this option. Otherwise, if the internal name servers all fail, the root name servers can tell the SteelHead that a host visible only to internal name servers does not exist; the SteelHead can cache that negative response and return it to clients until it expires. This prolongs the time until service is restored after the name servers come back.
Apply
Applies the settings.
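As an added example (not Riverbed's code), this Python models the failover rules in the Advanced Name Servers table: a forwarder is marked down only when both the seconds and requests thresholds are exceeded, a down forwarder receives a single probe per retry interval, and an exhausted list falls back to the root servers or returns a server failure. The class and field names are hypothetical; the defaults are the ones the table gives, and the set of responding IPs in each call is constructed input.

```python
"""Model of the Advanced Name Servers failover rules (added example, not Riverbed code)."""
from dataclasses import dataclass

@dataclass
class Forwarder:
    ip: str
    failures: int = 0                  # consecutive unanswered requests
    first_failure: float = 0.0         # time of the first unanswered one
    down: bool = False
    last_probe: float = float("-inf")  # last time a down forwarder was probed


@dataclass
class ForwarderPool:  # field names hypothetical; defaults from the table above
    forwarders: list                   # in Position order
    down_after_seconds: int = 120      # Forwarder Down After (seconds)
    down_after_requests: int = 30      # Forwarder Down After (requests)
    retry_after: int = 300             # Retry Forwarder After (seconds)
    fallback_to_root: bool = True      # Fallback to Root Name Servers

    def candidates(self, now: float) -> list:
        """Up forwarders in order, plus a down one that is due its single probe."""
        out = []
        for f in self.forwarders:
            if not f.down:
                out.append(f)
            elif now - f.last_probe >= self.retry_after:
                f.last_probe = now
                out.append(f)
        return out

    def record(self, f: Forwarder, answered: bool, now: float) -> None:
        """Update one forwarder's state after a request to it."""
        if answered:                   # any answer brings it back up
            f.failures, f.down = 0, False
            return
        f.failures += 1
        if f.failures == 1:
            f.first_failure = now
        # Down only when BOTH the request and the time thresholds are exceeded
        if (f.failures >= self.down_after_requests
                and now - f.first_failure >= self.down_after_seconds):
            f.down, f.last_probe = True, now

    def resolve(self, now: float, responsive: set) -> str:
        """Try forwarders in order; `responsive` is the constructed set of IPs that answer."""
        for f in self.candidates(now):
            ok = f.ip in responsive
            self.record(f, ok, now)
            if ok:
                return f.ip
        return "root" if self.fallback_to_root else "SERVFAIL"
```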