Introduction

Typically, clients send DNS requests to a DNS server to resolve hostnames. However, DNS servers are frequently overloaded or not located close to the client; therefore DNS lookups can be slow and can be a bottleneck to fulfilling requests.

The DNS proxy caching option allows Content Gateway to resolve DNS requests on behalf of clients. This option off-loads remote DNS servers and reduces response times for DNS lookups. See Configuring DNS proxy caching.

The following overview illustrates how Content Gateway serves a DNS request.

1. A client sends a DNS request. The request is intercepted by a router or L4 switch that is configured to redirect all DNS traffic on port 53 to Content Gateway.
2. The ARM examines the DNS packet. If the DNS request is type A (answer), the ARM forwards the request to Content Gateway. The ARM forwards all DNS requests that are not type A to the DNS server.
3. For type A requests, Content Gateway checks its DNS cache to see if it has the hostname to IP address mapping for the DNS request. If the mapping is in the DNS cache, Content Gateway sends the IP address to the client. If the mapping is not in the cache, Content Gateway contacts the DNS server to resolve the hostname. When Content Gateway receives the response from the DNS server, it caches the hostname to IP address mapping and sends the IP address to the client. If round-robin is used, Content Gateway sends the entire list of IP address mappings to the client and the round-robin order is strictly followed.
   Note: If the hostname to IP address mapping is not in the DNS cache, Content Gateway contacts the DNS server specified in the /etc/resolv.conf file. Only the first entry in resolv.conf is used. This might not be the same DNS server for which the DNS request was originally intended.

   The DNS cache is held in memory and backed up on disk. Content Gateway updates the data on disk every 60 seconds. The TTL (time-to-live) is strictly followed with every hostname to IP address mapping.