ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

ProxySG TCP Health Check failing due to large ttl advertised by the dns server for a particular A record


Article ID: 168693


Updated On:


ProxySG Software - SGOS


A manually-configured tcp health check may fail due to the A record being cached, and if it also has a long ttl the cached IP address record may prevent the proxy from performing a new DNS query. 


The health checks system is honouring the TTL returned by the DNS server. For cases where the wrong TTL is advertised, the TCP health check can be set to use the "Maximum time to live for DNS results" field to force the DNS lookup.



Deleting the health check and creating a new health check resolves the issue.


  1. Go to the ProxySG appliance Management Console > Configuration > Health Checks > Background DNS 
  • Change the value of "Minimum time to live for DNS results" to 5
  • Change the value of "Maximum time to live for DNS results" to 6