Enabling DNS Caching : Configuring DNS caching
  
Configuring DNS caching
You configure a local DNS name server for caching in the Optimization > Branch Services: Caching DNS page. By default, the DNS cache is disabled.
A DNS name server resolves hostnames to IP addresses and stores them locally in a single SteelHead. Any time your browser requests a URL, it first looks in the local cache to see if it is there before querying the external name server. If it finds the resolved URL locally, it uses that IP address.
This feature is a nontransparent DNS caching service. Any client machine must point to the client-side SteelHead as their DNS server.
Hosting the DNS name server function provides:
Improved performance for applications by saving the round-trips previously needed to resolve names. Whenever the name server receives address information for another host or domain, it stores that information for a specified time period. That way, if it receives another name resolution request for that host or domain, the name server has the address information ready, and doesn’t need to send another request across the WAN.
Improved performance for services by saving round-trips previously required for updates.
Continuous DNS service locally when the WAN is disconnected, with no local administration needed, eliminating the need for DNS servers at branch offices.
A cache holds the resolved address entries information. For information on DNS Statistics, see Viewing DNS Cache Utilization reports.
To enable the DNS name server
1. Choose Optimization > Branch Services: Caching DNS to display the Caching DNS page.
2. Under General Settings, complete the configuration as described in this table.
Control
Description
Enable Caching DNS
Enabled—Forwards name resolution requests to a DNS name server, then stores the address information locally in the SteelHead. By default, the requests go to the root name server, unless you specify another name server.
Disabled—Stops the SteelHead from acting as the DNS name server.
DNS Cache Size (bytes)
Specifies the cache size, in bytes. The default value is 1048576. The range is from 524288 to 2097152.
Primary Interface Responding to DNS Requests
Enabled—Enables the name server to listen for name resolution requests on the primary interface.
Disabled—Stops the name server from using the primary interface.
Aux Interface Responding to DNS Requests
Enabled—Enables the name server to listen for name resolution requests on the auxiliary interface.
Disabled—Stops the name server from using the auxiliary interface.
To move the position of a name server in the DNS Forwarding name server list, select the name server IP address and click Move Selected Servers.
To remove a name server from the list, select the name server IP address and click Remove Selected Servers. You can’t remove the last name server in the list unless the root name server is enabled.
3. Click Apply to apply your changes to the running configuration.
4. Under DNS Forwarding Name Servers, complete the configuration as described in this table.
Control
Description
Add a New DNS Name Server
Displays the controls to add a DNS name server to which the SteelHead forwards requests to cache responses. By default, the SteelHead only forwards requests to the Internet root name servers when you enable caching DNS without specifying any name servers to forward requests to. You can add multiple name servers to use; the SteelHead uses failover to these if one name server is not responding.
Name Server IP Address
Specify an IP address for the name server.
Position
Specify the order in which the name servers are queried (when using more than one). If the first name server, or forwarder, doesn’t respond, the SteelHead queries each remaining forwarder in sequence until it receives an answer or until it exhausts the list.
Add
Adds the name server.
Remove Selected
Select the check box next to the name and click Remove Selected Servers.
Move Selected
Select the check box next to the name and click Move Selected Servers.
5. Under Advanced Cache, complete the configuration as described in this table.
Control
Description
Caching of Forwarded Responses
Enables the cache that holds the resolved address entries. The cache is enabled by default; however, nothing is actually cached until you select the General Setting Enable Caching DNS.
Maximum Cache Time (seconds)
Specify the maximum number of seconds the name server stores the address information. The default setting is one week (604,800 seconds). The minimum is 2 seconds and the maximum is 30 days (2,592,000 seconds). You can adjust this setting to reflect how long the cached addresses remain up-to-date and valid.
Changes to this setting affect new address information and don’t change responses already in the cache.
Minimum Cache Time (seconds)
Specify the minimum number of seconds that the name server stores the address entries. The default value is 0. The maximum value is the current value of Maximum Cache Time.
Typically, there’s no need to adjust this setting.
Changes to this setting affect new responses and don’t change any responses already in the cache.
Neg DNS Maximum Cache Time (seconds)
Specify the maximum number of seconds that an unresolved negative address is cached. The valid range is from two seconds to 30 days (2,592,000 seconds). The default value is 10,800 seconds.
A negative entry occurs when a DNS request fails and the address remains unresolved. When a negative entry is in the cache, the appliance doesn’t request it again until the cache expires, the maximum cache time is reached, or the cache is cleared.
Neg DNS Minimum Cache Time (seconds)
Specify the TTL for a negative entry, which is always this value or above, even if the server returns a smaller TTL value. For example, when this value is set to 300 seconds and the client queries aksdfjh.com, the DNS service returns a negative answer with a TTL of 100 seconds, but the DNS cache stores the entry as having a TTL of 300 seconds. The default value is 0, which specifies that the SteelHead still caches negative responses; it doesn’t place a lower bound on what the TTL value for the entry can be.
Freeze Cache
Freezes the cache contents. When the cache is frozen, entries don’t automatically expire from the cache. They are still returned in response to DNS queries. This feature is useful to keep local services available when the WAN is disconnected. By default, this setting is disabled.
When the cache is frozen and full, entries can still be pushed out of the cache by newer entries.
Minimum TTL of a Frozen Entry (seconds)
Specify the minimum TTL in seconds that a response from a frozen cache has when sent to a branch office client. The default value is 10. For example, suppose this value is set to 60 seconds. At the time the cache is frozen, the cache entry for riverbed.com has a TTL of 300 seconds. For subsequent client requests for riverbed.com, the service responds with a TTL of 300 seconds minus however much time has elapsed since the cache freeze. After 240 seconds have elapsed, the service responds to all subsequent requests with a TTL of 60 seconds regardless of how much time elapses, until the cache is unfrozen.
6. Under Advanced Name Servers, complete the configuration as described in this table.
Control
Description
For Unresponsive Name Servers
Detects when one of the name servers is not responding and sends requests to a responsive name server instead.
Forwarder Down After (seconds)
Specify how many seconds can pass without a response from a name server until the appliance considers it unresponsive. The default value is 120. When the name server receives a request but doesn’t respond within this time and doesn’t respond after the specified number of failed requests, the appliance determines that it’s down. It then queries each remaining forwarder in sequence until it receives an answer or it exhausts the list. When the list is exhausted and the request is still unresolved, you can specify that the SteelHead try the root name server.
Forwarder Down After (requests)
Specify how many requests a name server can ignore before the appliance considers it unresponsive. The default value is 30. When the name server doesn’t respond to this many requests and doesn’t respond within the specified amount of time, the appliance determines that it’s down. It then queries each remaining forwarder in sequence until it receives an answer or it exhausts the list. When the list is exhausted and the request is still unresolved, you can specify that the SteelHead try the root name server.
Retry Forwarder After (seconds)
Specify the time limit, in seconds, that the appliance forwards the name resolution requests to name servers that are responding instead of name servers that are down. The appliance also sends a single query to name servers that are down using this time period. If they respond, the appliance considers them back up again. The default value is 300.
The single query occurs at intervals of this value if the value is set to 300. A request is allowed to go to a forwarder considered down about every 300 seconds until it responds to one.
Fallback to Root Name Servers
Forwards the request to a root name server when all other name servers have not responded to a request. This is the default setting; either this option must be enabled or a server must be present. When the fallback to root name servers option is disabled, the SteelHead only forwards a request to the forwarding name servers listed above. If it exhausts these name servers and doesn’t get a response, it doesn’t forward the request to a root name server and returns a server failure.
If the name servers used by the SteelHead are internal name servers; that is, they can resolve hostnames that external name servers like the Internet DNS root servers can’t, you must disable this option. Otherwise, if the name servers all fail, the root name servers might inform the SteelHead that a host visible only to internal name servers doesn’t exist, might cache that response, and return it to clients until it expires. This control prolongs the period of time until service comes back up after name servers are down.
7. Click Apply to apply your changes to the running configuration.
8. Click Save to Disk to save your settings permanently.
Clearing the cache
You can clear all entries from the cache. You can’t clear individual objects from the cache.
To clear the cache
Under Cache Actions, complete the configuration as described in this table.
Control
Description
Clear Cache
Removes entries from the cache, even if it’s frozen. All cached data expires.
A small amount of data remains in the cache for internal use only.
Related topics
Configuring HTTP optimization
Viewing DNS Cache Utilization reports