CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On
Issue/Introduction
Could you please help me confirm the DNS cache TTL in SiteMinder? Currently our SiteMinder is connecting to CA Directory via a load balancer, and I would like to understand, if the load balancer fails over to its secondary node, how soon the policy manager can get the new IP.
Environment
Release: Component: SMPLC
Resolution
We do not believe the policy server caches DNS. The operating system might; you would need to check with the OS vendor for this.
Java can cache DNS, and does by default. This is configured with networkaddress.cache.ttl in <jre>\lib\security\java.security.
A positive value is the number of seconds an entry is cached for. A value of 0 means never cache. A negative value means cache for the lifetime of the Java process.
This is noted in the following for Access Gateway/SPS: https://docops.ca.com/ca-single-sign-on/12-8/en/troubleshooting/ca-access-gateway-troubleshooting#CAAccessGatewayTroubleshooting-DNSisCachedforEveryRequest
I do not think it affects the policy server. However, it might be worth modifying this for the instance of Java you use for the policy server anyway.
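
As an added example (not CA or Broadcom code), the following Python sketch reads the text of a java.security file and reports how networkaddress.cache.ttl will be interpreted, using the value semantics described in the Resolution. The sample file contents and the function names are constructed for illustration; in practice, pass in the contents of the java.security file of the JRE in question.

```python
import re

# Constructed sample of a java.security file (not taken from a real install).
SAMPLE = """\
# Constructed java.security excerpt
securerandom.source=file:/dev/random
#networkaddress.cache.ttl=-1
networkaddress.cache.ttl = 60
"""

def read_property(text, key):
    """Return the last uncommented value for key, or None if it is not set."""
    value = None
    for line in text.splitlines():
        line = line.strip()
        # Blank lines and lines starting with '#' or '!' are ignored.
        if not line or line[0] in "#!":
            continue
        # Properties syntax: key, optional whitespace, '=' or ':', value.
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1) == key:
            value = m.group(2).strip()  # a later duplicate overrides an earlier one
    return value

def describe_ttl(raw):
    """Interpret a networkaddress.cache.ttl value."""
    if raw is None:
        return "not set: the JVM's built-in default applies"
    try:
        ttl = int(raw)
    except ValueError:
        return f"invalid value {raw!r}"
    if ttl > 0:
        return f"cached for {ttl} seconds"
    if ttl == 0:
        return "never cached"
    return "cached for the lifetime of the Java process"

def check(text):
    """Report the DNS cache behaviour configured in java.security text."""
    return describe_ttl(read_property(text, "networkaddress.cache.ttl"))

if __name__ == "__main__":
    print(check(SAMPLE))
```

A commented-out entry, as in the shipped file's default state, is reported as not set, which is the case where the Java default caching mentioned above applies.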