ProxySG TCP health check failing due to a large TTL advertised by the DNS server for a particular A record
Article ID: 168693
Products
ProxySG Software - SGOS
Issue/Introduction
A manually configured TCP health check may fail because the A record is cached. If the record also has a long TTL, the cached IP address may prevent the proxy from performing a new DNS query.
Cause
The health check system honours the TTL returned by the DNS server. In cases where the wrong TTL is advertised, the "Maximum time to live for DNS results" field can be set so that the TCP health check is forced to perform a new DNS lookup.
Resolution
Deleting the health check and creating a new health check resolves the issue.
Workaround
Go to the ProxySG appliance Management Console > Configuration > Health Checks > Background DNS
Change the value of "Minimum time to live for DNS results" to 5
Change the value of "Maximum time to live for DNS results" to 6
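To confirm the cause described above, the TTL that the DNS server advertises for the A record can be read directly from a DNS response. The following is an added example, not Broadcom or ProxySG code: the sample response and hostname are constructed, and the `effective_ttl` clamp (advertised TTL bounded by the minimum and maximum settings, taken to be in the same unit) is an assumption about how the Background DNS limits apply.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def a_record_ttls(msg):
    """Return [(ipv4, ttl)] for each A record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12                                   # fixed DNS header length
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    out = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            out.append((".".join(str(b) for b in msg[off:off + 4]), ttl))
        off += rdlen
    return out

def effective_ttl(ttl, min_ttl, max_ttl):
    """Assumed behaviour: advertised TTL clamped into [min_ttl, max_ttl]."""
    return max(min_ttl, min(ttl, max_ttl))

# Constructed response: upstream.example.test A 192.0.2.10 with TTL 604800
SAMPLE = (
    bytes.fromhex("1234818000010001" "00000000")            # header: 1 question, 1 answer
    + b"\x08upstream\x07example\x04test\x00" + b"\x00\x01\x00\x01"
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 604800, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    for ip, ttl in a_record_ttls(SAMPLE):
        # 5 and 6 are the workaround values from this article
        print(ip, "advertised TTL:", ttl, "-> with min=5, max=6:", effective_ttl(ttl, 5, 6))
```

An advertised TTL far above the configured maximum, as in the sample, is the condition in which the cached address outlives a change to the A record.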