Introduction
Typically, clients send DNS requests to a DNS server to resolve hostnames. However, DNS servers are frequently overloaded or not located close to the client; therefore DNS lookups can be slow and can be a bottleneck to fulfilling requests.
The DNS proxy caching option allows Content Gateway to resolve DNS requests on behalf of clients. This option off-loads remote DNS servers and reduces response times for DNS lookups. See Configuring DNS proxy caching.
Important: You can use the DNS proxy caching option only with a layer 4 switch or a Cisco router running WCCP v2.
The following overview illustrates how Content Gateway serves a DNS request.
- A client sends a DNS request. The request is intercepted by a router or L4 switch that is configured to redirect all DNS traffic on port 53 to Content Gateway.
- The ARM examines the DNS packet. If the DNS request is type A (answer), the ARM forwards the request to Content Gateway. The ARM forwards all DNS requests that are not type A to the DNS server.
- For type A requests, Content Gateway checks its DNS cache to see if it has the hostname to IP address mapping for the DNS request. If the mapping is in the DNS cache, Content Gateway sends the IP address to the client. If the mapping is not in the cache, Content Gateway contacts the DNS server to resolve the hostname. When Content Gateway receives the response from the DNS server, it caches the hostname to IP address mapping and sends the IP address to the client. If round-robin is used, Content Gateway sends the entire list of IP address mappings to the client and the round-robin order is strictly followed.

Note: If the hostname to IP address mapping is not in the DNS cache, Content Gateway contacts the DNS server specified in the /etc/resolv.conf file. Only the first entry in resolv.conf is used. This might not be the same DNS server for which the DNS request was originally intended.
The DNS cache is held in memory and backed up on disk. Content Gateway updates the data on disk every 60 seconds. The TTL (time-to-live) is strictly followed with every hostname to IP address mapping.
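To make the request flow above concrete, the following Python sketch is an added example, not Content Gateway or ARM code: it parses the question of an intercepted DNS query, hands anything that is not a class IN type A query straight back for forwarding, serves type A answers from an in-memory cache whose entries stop being served exactly when their TTL elapses, returns the whole cached address list so a round-robin order is preserved, and picks only the first nameserver line out of resolv.conf text. The query encoder, the injectable clock, the fake upstream resolver and the 192.0.2.x sample addresses are constructed for the demonstration.

```python
import struct
import time

# DNS wire-format constants (RFC 1035).
DNS_TYPE_A = 1
DNS_CLASS_IN = 1


def parse_question(packet):
    """Return (txid, lowercased qname, qtype, qclass) for the first question of a query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount < 1:
        raise ValueError("query carries no question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated qname")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer inside a query question")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated qtype/qclass")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels).lower(), qtype, qclass


def build_query(txid, name, qtype=DNS_TYPE_A, qclass=DNS_CLASS_IN):
    """Encode a minimal standard query (RD set) with one question; constructed test input."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, qclass)


class DnsCache:
    """In-memory hostname -> address-list cache that honours the TTL strictly."""

    def __init__(self, now=time.monotonic):
        self._now = now        # injectable clock so expiry can be exercised deterministically
        self._entries = {}     # name -> (expires_at, [addresses])

    def get(self, name):
        entry = self._entries.get(name)
        if entry is None:
            return None
        expires_at, addresses = entry
        if self._now() >= expires_at:
            del self._entries[name]   # TTL elapsed: never serve a stale mapping
            return None
        return list(addresses)        # whole list, in stored (round-robin) order

    def put(self, name, addresses, ttl):
        self._entries[name] = (self._now() + ttl, list(addresses))


def first_nameserver(resolv_conf_text):
    """Return the first 'nameserver' entry: only that one upstream is ever used."""
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            return parts[1]
    return None


def handle_query(packet, cache, resolve_upstream):
    """Decide how one intercepted query is served.

    ("forward", None): not class IN type A, so it goes to the DNS server untouched.
    ("cache", addresses): answered from the cache.
    ("upstream", addresses): resolved via resolve_upstream(name) -> (addresses, ttl), then cached.
    """
    _txid, name, qtype, qclass = parse_question(packet)
    if qtype != DNS_TYPE_A or qclass != DNS_CLASS_IN:
        return "forward", None
    addresses = cache.get(name)
    if addresses is not None:
        return "cache", addresses
    addresses, ttl = resolve_upstream(name)
    cache.put(name, addresses, ttl)
    return "upstream", addresses


def fake_upstream(name):
    """Stand-in for the resolver named in resolv.conf (constructed, documentation addresses)."""
    return ["192.0.2.10", "192.0.2.11"], 30


if __name__ == "__main__":
    clock = [0.0]
    cache = DnsCache(now=lambda: clock[0])
    print(handle_query(build_query(1, "www.example.com"), cache, fake_upstream))  # upstream
    print(handle_query(build_query(2, "www.example.com"), cache, fake_upstream))  # cache
    clock[0] = 30.0  # TTL of 30 s has elapsed, so the entry is no longer served
    print(handle_query(build_query(3, "www.example.com"), cache, fake_upstream))  # upstream
    print(handle_query(build_query(4, "example.com", qtype=15), cache, fake_upstream))  # forward
```

The `now` parameter is the point to notice: an entry with TTL 30 is still served at 29.9 seconds and refused at exactly 30, which is what "strictly followed" means in practice, and a caching layer that rounds or extends TTLs would quietly serve addresses the authoritative zone has already withdrawn.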