DNS cache TTL in siteminder

book

Article ID: 132424

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Could you please help me confirm the DNS cache TTL in siteminder? Currently our siteminder is connecting to ca directory via a load balancer , I would like to understand if the load balancer failover to its secondary node, how soon the policy manager can get the new ip.

Environment

Release:
Component: SMPLC

Resolution

We do not believe the policy server caches DNS. The operating system might, you would need to check with the OS vendor for this. 

Java can cache DNS, and does by default. This is configured with networkaddress.cache.ttl in <jre>\lib\security\java.security. 

A positive value is the number of seconds it is cached for. 0 is never cache. A negative value means cache for the lifetime of the java process. 

This is noted in the following for Access Gateway/SPS: 
https://docops.ca.com/ca-single-sign-on/12-8/en/troubleshooting/ca-access-gateway-troubleshooting#CAAccessGatewayTroubleshooting-DNSisCachedforEveryRequest 

I do not think it affects the policy server. However, it might be worth modifying this for the instance of java you use for the policy server anyway.