Meraki

Community

FQDN Support: details about caching?

Solved
AndreasE
Getting noticed
‎Nov 7 2019 8:48 AM
‎Nov 7 2019 8:48 AM

FQDN Support: details about caching?

I still like the "FQDN support" feature https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support -- even if it raises some questions (see https://community.meraki.com/t5/Security-SD-WAN/FQDN-Support-How-does-the-wildcard-quot-quot-asteris... and https://community.meraki.com/t5/Security-SD-WAN/Restricting-Cellular-data-during-failover-to-busines...).

 

But the documentation is really marginal on it: It doesn't tell you

  • how long the DNS query results ("IP mapping") are cached -- if there is a time limit at all
  • when or how that cache is been cleared
  • how that cache contents can be displayed in order to debug "strange hits"
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 7 2019 2:23 PM
‎Nov 7 2019 2:23 PM

>how that cache contents can be displayed in order to debug "strange hits"

 

You cna't display the DNS cache.

View solution in original post

0 Kudos
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 7 2019 2:23 PM
‎Nov 7 2019 2:23 PM

From my experience, the results are cached based on the TTL returned from the DNS server which says how long they are allowed to be cached for.

 

For example, on many Amazon AWS S3 domains it only caches the results for 60s (matching the TTL).  I have observed this myself.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 7 2019 2:23 PM
‎Nov 7 2019 2:23 PM

>how that cache contents can be displayed in order to debug "strange hits"

 

You cna't display the DNS cache.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.