ProxySG TCP health check failing due to a large TTL advertised by the DNS server for a particular A record

Article ID: 168693

Products

ProxySG Software - SGOS

Issue/Introduction

A manually configured TCP health check may fail because the A record for the target is cached. If that record also has a long TTL, the cached IP address may prevent the proxy from performing a new DNS query.

Cause

The health check system honours the TTL returned by the DNS server. When the wrong TTL is advertised, the TCP health check can be set to use the "Maximum time to live for DNS results" field to force the DNS lookup.


 

Resolution

Deleting the health check and creating a new health check resolves the issue.

Workaround

  1. Go to the ProxySG appliance Management Console > Configuration > Health Checks > Background DNS.
     • Change the value of "Minimum time to live for DNS results" to 5.
     • Change the value of "Maximum time to live for DNS results" to 6.
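The effect of the workaround can be seen in a small model of a health-check resolver cache. This is an added example, not ProxySG or vendor code. It assumes the minimum and maximum settings clamp the advertised TTL, that the values are in seconds, and that one probe is sent per second; the function names and IP addresses are constructed for illustration.

```python
# Toy model of a health-check DNS cache (added illustration, not ProxySG code).
# Assumption: the min/max settings clamp the TTL advertised by the DNS server.

def effective_ttl(advertised, min_ttl=None, max_ttl=None):
    """TTL the cache honours after applying the optional min/max bounds."""
    ttl = advertised
    if min_ttl is not None:
        ttl = max(ttl, min_ttl)
    if max_ttl is not None:
        ttl = min(ttl, max_ttl)
    return ttl


def stale_probes(advertised, change_at, horizon, min_ttl=None, max_ttl=None):
    """Simulate one TCP probe per second for `horizon` seconds.

    The authoritative A record moves from OLD_IP to NEW_IP at `change_at`.
    Returns the number of probes sent to the old address after the change.
    """
    OLD_IP, NEW_IP = "192.0.2.10", "192.0.2.20"  # constructed sample addresses

    def authoritative(t):
        return OLD_IP if t < change_at else NEW_IP

    cached_ip, expires, stale = None, 0, 0
    for t in range(horizon):
        if cached_ip is None or t >= expires:    # cache expired: query DNS again
            cached_ip = authoritative(t)
            expires = t + effective_ttl(advertised, min_ttl, max_ttl)
        if cached_ip != authoritative(t):        # probe goes to the old host
            stale += 1
    return stale


if __name__ == "__main__":
    # A record advertised with a one-day TTL; the server moves 61 s into the run.
    print("no bounds :", stale_probes(86400, change_at=61, horizon=3600))
    print("min 5/max 6:", stale_probes(86400, 61, 3600, min_ttl=5, max_ttl=6))
```

With no bounds the cached address is used for the rest of the simulated hour; with the workaround values the stale window is limited to the remainder of one 6-second cache lifetime.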