Purpose
This article will cover how the Virtual Appliance (VA) selects which internal DNS server to use.
Server Selection
The VA does not use a simple round-robin or fixed primary/secondary sequence for your configured internal DNS servers.
Initially, or when its performance data for servers has aged (the RTT cache expires every 15 minutes), the forwarder queries servers in a random order using an increasing set of timeout values until it gets a response. Forwarders use this set of timeouts: 0.6, 1.0, 2.0 and 4.5, with a maximum value of 16.
DNS server performance measurements
- The VA measures the Round Trip Time (RTT) – how quickly each of your configured internal DNS servers responds. This RTT data is cached for 15 minutes.
- After the initial RTT gathering, the VA uses this data to favor sending queries to the most responsive (lowest RTT) configured internal DNS server.
- If a server becomes slow or unresponsive, the VA will temporarily de-prioritize it. This ensures resilience and aims to use the "best" (quickest) server from the list you provide.
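A simplified model of the selection behaviour described above, added here as an example and not the VA's own code. The names `ForwarderModel` and `make_probe`, the simulated latency table that stands in for real DNS queries, and the rule that an unresponsive server is cached with the maximum timeout as its RTT are assumptions.

```python
import random

TIMEOUTS = [0.6, 1.0, 2.0, 4.5, 16]  # timeout ladder quoted in the article
RTT_TTL = 15 * 60                    # RTT cache lifetime (15 minutes), seconds


def make_probe(latency):
    """Constructed stand-in for a DNS query: RTT, or None on timeout/outage."""
    def probe(server, timeout):
        rtt = latency[server]
        return rtt if rtt is not None and rtt <= timeout else None
    return probe


class ForwarderModel:
    """Simplified model of RTT-based selection; not the VA's real code."""

    def __init__(self, servers, probe, rng=None):
        self.servers = list(servers)
        self.probe = probe
        self.rng = rng or random.Random()
        self.cache = {}  # server -> (rtt, time measured)

    def _try(self, server, now):
        """Walk the timeout ladder for one server and cache the outcome."""
        for timeout in TIMEOUTS:
            rtt = self.probe(server, timeout)
            if rtt is not None:
                self.cache[server] = (rtt, now)
                return True
        # Assumption: a silent server is cached with the maximum timeout as
        # its RTT, so it sorts last until that entry expires.
        self.cache[server] = (TIMEOUTS[-1], now)
        return False

    def query(self, now):
        """Return the server that answers a query issued at time `now`."""
        fresh = {s: r for s, (r, t) in self.cache.items() if now - t < RTT_TTL}
        warm = len(fresh) == len(self.servers)
        if warm:
            order = sorted(fresh, key=fresh.get)  # lowest RTT first
        else:
            order = self.rng.sample(self.servers, len(self.servers))  # random
        answer = None
        for server in order:
            if self._try(server, now) and answer is None:
                answer = server
                if warm:
                    break  # warm: stop at the first server that responds
        return answer  # cold passes keep going to measure every server
```

Driving the model with a constructed latency table shows that the answering server follows measured RTT rather than list order, so any server in the configured list can end up answering a given query.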
What is cached?
The VA's RTT mechanism caches the performance data (the RTT) of your configured internal DNS servers.
It does not cache the DNS query results (e.g., A, CNAME records) themselves within this RTT mechanism. DNS query results are cached separately by the VA's DNS resolver component, respecting their individual TTLs.
How to Configure Specific DNS Servers
The VA will select from the list of internal DNS servers you configure on it, favoring the fastest ones. To ensure VAs in a specific location consistently provide IP addresses only for that location, the following is crucial:
A. Targeted VA Configuration: On your VAs in a specific location, you must configure only those internal DNS servers that are designated and confirmed to provide IP addresses specific to that location. Remove any internal DNS servers from other locations from the VA's configuration list. This limits the VA's choice to only the appropriate servers for that site.
B. Internal DNS Server Consistency: Critically, ensure each of your internal DNS servers consistently returns the correct and intended IP address for its designated role and location.