DNS Lookup issue?

  • hi all

    In order to create policies for specific clients we want to use DNS names for the clients as source and destination address. That’s working actually fine until the client changes its IP address. It takes a while until the Netscreen’s DNS cache refreshes and initiates a lookup in order to get the new IP address. This is really annoying and actually not usable, since the policy certainly does not work any more until Netscreen’s DNS cache is updated. Certainly I have configured the refresh rate to the lowest value.

    Is there any chance to change this behaviour, resp. to refresh the cache more often?

    …or am I wrong in this case and is there another possibility to use DNS names as source/destination on Netscreens? I do not want to use static IPs since our users are moving around a lot in our building and get different IPs in different subnets depending on the building and floor.

    Thanks a lot for your answers - in case someone can confirm that there is no chance to get the DNS refreshed more often, I would appreciate the confirmation as well of course, so I can stop troubleshooting.

  • Hi,

    I think the DNS record parameter is decided by the DNS server.
    Meaning, SSG is just getting the information.

    So you have to look into the DNS server record file and
    make TTL (I don’t remember the exact name…) short.

    What we can do on SSG is, as you know, a manual refresh by “exec dns refresh”.


  • …forgot to post hard/software

    We use SSG550/SSG140 and SSG5, ScreenOS 5.4.0r12.0 (SSG550) and 6.2.r07 (rest)