DNS cache TTL in siteminder
search cancel

DNS cache TTL in siteminder


Article ID: 132424


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


Could you please help me confirm the DNS cache TTL in siteminder? Currently our siteminder is connecting to ca directory via a load balancer , I would like to understand if the load balancer failover to its secondary node, how soon the policy manager can get the new ip.


Component: SMPLC


We do not believe the policy server caches DNS. The operating system might, you would need to check with the OS vendor for this. 

Java can cache DNS, and does by default. This is configured with networkaddress.cache.ttl in <jre>\lib\security\java.security. 

A positive value is the number of seconds it is cached for. 0 is never cache. A negative value means cache for the lifetime of the java process. 

This is noted in the following for Access Gateway/SPS: 

I do not think it affects the policy server. However, it might be worth modifying this for the instance of java you use for the policy server anyway.