FQDN Support: details about caching?

SOLVED

I still like the "FQDN support" feature https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support -- even if it raises some questions (see https://community.meraki.com/t5/Security-SD-WAN/FQDN-Support-How-does-the-wildcard-quot-quot-asteris... and https://community.meraki.com/t5/Security-SD-WAN/Restricting-Cellular-data-during-failover-to-busines...).

 

But the documentation is really marginal on it: It doesn't tell you

  • how long the DNS query results ("IP mapping") are cached -- if there is a time limit at all
  • when or how that cache is cleared
  • how that cache contents can be displayed in order to debug "strange hits"
CMNA, CISSP, CISM
1 ACCEPTED SOLUTION


Re: FQDN Support: details about caching?

>how that cache contents can be displayed in order to debug "strange hits"

You can't display the DNS cache.

2 REPLIES

Re: FQDN Support: details about caching?

From my experience, the results are cached based on the TTL returned from the DNS server which says how long they are allowed to be cached for.

 

For example, on many Amazon AWS S3 domains it only caches the results for 60s (matching the TTL).  I have observed this myself.
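Since the cache cannot be displayed, one way to investigate "strange hits" is to replay your own DNS and flow logs through a model of a TTL-bound FQDN-to-IP mapping. The sketch below is an added example, not Meraki code and not part of the original posts; it assumes the TTL-based expiry described in the reply above, and `FqdnMap`, `replay` and the event format are hypothetical names with constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class FqdnMap:
    """Model of a TTL-bound FQDN -> IP mapping (an assumption, not Meraki code)."""
    entries: dict = field(default_factory=dict)  # (fqdn, ip) -> expiry time in seconds

    def learn(self, now, fqdn, ip, ttl):
        # Keep each answer until now + TTL; a repeated answer refreshes the expiry.
        self.entries[(fqdn.lower(), ip)] = now + ttl

    def lookup(self, now, ip):
        # FQDNs whose unexpired mapping currently contains this IP.
        return sorted(f for (f, i), exp in self.entries.items() if i == ip and exp > now)

def replay(events):
    """Replay time-ordered DNS answers and flows; classify each flow."""
    cache, verdicts = FqdnMap(), []
    for ev in sorted(events, key=lambda e: e[0]):
        if ev[1] == "dns":
            t, _, fqdn, ip, ttl = ev
            cache.learn(t, fqdn, ip, ttl)
            continue
        t, _, dst = ev
        names = cache.lookup(t, dst)
        if names:
            verdicts.append((t, dst, "match " + ",".join(names)))
        elif any(i == dst for (_, i) in cache.entries):
            # The IP was mapped once, but its TTL has run out: a likely "strange hit".
            verdicts.append((t, dst, "expired"))
        else:
            verdicts.append((t, dst, "never-seen"))
    return verdicts

# Constructed sample: reserved documentation IPs and a 60 s TTL, as in the S3 observation.
EVENTS = [
    (0,  "dns",  "bucket.s3.example", "192.0.2.10", 60),
    (5,  "flow", "192.0.2.10"),
    (61, "flow", "192.0.2.10"),    # client still using the old address after the TTL
    (62, "dns",  "bucket.s3.example", "192.0.2.20", 60),
    (70, "flow", "192.0.2.20"),
    (75, "flow", "198.51.100.7"),  # address never returned for the FQDN
]

if __name__ == "__main__":
    for verdict in replay(EVENTS):
        print(verdict)
```

Flows classified as "expired" point to clients or long-lived connections that keep using an address after its TTL has run out, which is where a short TTL such as 60 s matters most.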
