Here is the syntax for a forwarding host:
fwd_host <alias> <host-name> [http[=<port>]] [https[=<port>]] [ftp[=<port>]] [mms[=<port>]] [rtsp[=<port>]] [tcp=<port>] [telnet[=<port>]] [ssl-verify-server=[yes|no]] [server|proxy]
<host-name> The name of the host domain, such as www.bluecoat.com, or its IP address
So suppose you configure the forwarding host with a host domain name, as follows:
fwd_host test_com wwww.test.com http=80 ssl-verify-server=no server
Here is a sample packet capture trace:
No. Time Source Destination S.Port D.Port Protocol Info
1 3.30 [SG-IP address] [DNS Server IP] 50533 53 DNS Standard query A wwww.test.com
2 3.30 [DNS Server IP] [SG-IP address] 53 50533 DNS Standard query response A AA.AAAA.AAA.AA1 A AA.AAAA.AAA.AA2
Domain Name System (response)
Answers wwww.test.com: type A, class IN, addr AA.AAAA.AAA.AA1, Time to live: "1 hour"
wwww.test.com: type A, class IN, addr AA.AAAA.AAA.AA2, Time to live: "1 hour"
3 29.67 [Client IP Add] [SG-IP address] 1426 8080 HTTP GET http://wwww.test.com/health-check.test HTTP/1.0
4 29.87 [SG-IP address] AA.AAAA.AAA.AA2 57279 80 HTTP GET /health-check.test HTTP/1.1
5 178.43 [SG-IP address] [DNS Server IP] 54052 53 DNS Standard query A wwww.test.com
6 178.43 [DNS Server IP] [SG-IP address] 53 54052 DNS Standard query response A BB.BBB.BBB.BBB1 A BB.BBB.BBB.BB2
7 195.26 [Client IP Add] [SG-IP address] 1455 8080 HTTP GET http://wwww.test.com/health-check.test HTTP/1.0
8 195.45 [SG-IP address] AA.AAAA.AAA.AA2 56693 80 HTTP GET /health-check.test HTTP/1.1
The DNS server replies with the addresses AA.AAAA.AAA.AA1 and AA.AAAA.AAA.AA2 for wwww.test.com (Frame #2). The SG then sends the health check to the origin content server (OCS) at AA.AAAA.AAA.AA2 (Frame #4).
About 150 seconds later (Frames #5 and #6), the SG queries the name again and receives new IP addresses for wwww.test.com (BB.BBB.BBB.BBB1 and BB.BBB.BBB.BB2), but the next health check is still sent to the old address AA.AAAA.AAA.AA2 (Frames #7 and #8).
When the DNS server returns a result with a high TTL ("1 hour" in Frame #2), the SG correctly assumes that it can cache that result for the duration of the TTL.
Although the SG does query the name again (Frames #5 and #6 in the sample above), the new answer does not replace the address the health check uses, because the first result is still within its TTL.
In this case, clearing the DNS cache or rebooting the SG does not help.
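To confirm the behaviour from a capture rather than by eye, the following script (an added example, not part of the KB article or any Blue Coat tool) replays the frames above and flags every proxy-to-origin health check whose destination is absent from the most recent DNS answer for that name. It assumes the one-line-per-frame layout of the trace above, that frames are in time order, and that the proxy-side GET follows the client-side GET it serves; the TRACE string is a constructed copy of the sample.

```python
"""Flag health checks sent to an address that a newer DNS answer no longer lists.

Added example for the KB article above; the trace below is a constructed copy of
the sample capture, one frame per line, in the same column order.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

TRACE = """\
1 3.30 [SG-IP address] [DNS Server IP] 50533 53 DNS Standard query A wwww.test.com
2 3.30 [DNS Server IP] [SG-IP address] 53 50533 DNS Standard query response A AA.AAAA.AAA.AA1 A AA.AAAA.AAA.AA2
3 29.67 [Client IP Add] [SG-IP address] 1426 8080 HTTP GET http://wwww.test.com/health-check.test HTTP/1.0
4 29.87 [SG-IP address] AA.AAAA.AAA.AA2 57279 80 HTTP GET /health-check.test HTTP/1.1
5 178.43 [SG-IP address] [DNS Server IP] 54052 53 DNS Standard query A wwww.test.com
6 178.43 [DNS Server IP] [SG-IP address] 53 54052 DNS Standard query response A BB.BBB.BBB.BBB1 A BB.BBB.BBB.BB2
7 195.26 [Client IP Add] [SG-IP address] 1455 8080 HTTP GET http://wwww.test.com/health-check.test HTTP/1.0
8 195.45 [SG-IP address] AA.AAAA.AAA.AA2 56693 80 HTTP GET /health-check.test HTTP/1.1
"""

# No. Time Source Destination S.Port D.Port Protocol Info; source/destination may be
# a bracketed placeholder containing spaces, so they are matched as a unit.
FRAME_RE = re.compile(
    r"^(?P<no>\d+)\s+(?P<time>[\d.]+)\s+"
    r"(?P<src>\[[^\]]+\]|\S+)\s+(?P<dst>\[[^\]]+\]|\S+)\s+"
    r"(?P<sport>\d+)\s+(?P<dport>\d+)\s+(?P<proto>\w+)\s+(?P<info>.*)$"
)


class StaleCheck(NamedTuple):
    frame: int          # proxy-to-origin health-check frame using a stale address
    host: str           # forwarding host name being checked
    dst: str            # address the check was actually sent to
    answer_frame: int   # most recent DNS answer frame for that name
    fresh: Set[str]     # addresses returned in that answer


def find_stale_checks(trace: str) -> List[StaleCheck]:
    pending: Dict[str, str] = {}                      # DNS source port -> queried name
    latest: Dict[str, Tuple[int, Set[str]]] = {}      # name -> (answer frame, addresses)
    client_host: Optional[str] = None                 # host of the last client-side GET
    findings: List[StaleCheck] = []

    for line in trace.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        no, proto, info = int(m["no"]), m["proto"], m["info"]

        if proto == "DNS" and info.startswith("Standard query response"):
            # Pair the answer with its query by the proxy's source port.
            name = pending.pop(m["dport"], None)
            addrs = set(re.findall(r"\bA\s+(\S+)", info.split("response", 1)[1]))
            if name:
                latest[name] = (no, addrs)
        elif proto == "DNS" and info.startswith("Standard query"):
            pending[m["sport"]] = info.split()[-1]
        elif proto == "HTTP":
            url = info.split()[1]
            if url.startswith("http://"):
                # Client -> proxy request carries the absolute URL, so the host is known.
                client_host = url[len("http://"):].split("/", 1)[0]
            elif client_host in latest:
                # Proxy -> origin request: is the destination still in the newest answer?
                answer_frame, addrs = latest[client_host]
                if m["dst"] not in addrs:
                    findings.append(StaleCheck(no, client_host, m["dst"], answer_frame, addrs))
    return findings


if __name__ == "__main__":
    for f in find_stale_checks(TRACE):
        print(f"frame {f.frame}: health check for {f.host} sent to {f.dst}, "
              f"but frame {f.answer_frame} answered {sorted(f.fresh)}")
```

Run against the sample it reports only Frame #8: Frame #4 is consistent with the answer in Frame #2, while Frame #8 still targets AA.AAAA.AAA.AA2 after Frame #6 returned the BB addresses, which is exactly the cached-beyond-the-new-answer behaviour the text describes.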
Overriding the maximum TTL for health-check DNS results on the proxy makes the health checks query the DNS server more frequently, so a changed address is picked up within that limit instead of only after the server's TTL expires. A lower limit also means more DNS queries from the proxy, so choose a value that matches how quickly an address change must be noticed rather than the smallest possible one.
You can change this value:
- Blue Coat SG Management Console > Configuration > Health Checks > Background DNS.
Check "Maximum time to live for DNS results" and fill in a value in seconds.
- CLI, using: (config)#background-dns-updates maximum-ttl <seconds>
Related info: KB3906