FQDN Address Groups - optimal setting for TTL on this obj *

Alberto · June 2022

I have FROM TSR:

FQDN Object Cache:

AO_1: amazonaws

FQDN: *.amazonaws.com

NEXT EXPIRY: 06/30/2022 10:04:40.000

HOSTS: 92

SUB-DOMAINS: 27

I read: https://www.sonicwall.com/support/knowledge-base/impact-of-fqdn-address-objects-on-the-cpu/171004095251533/

I have this setting on object

Which is the optimal setting for TTL on this obj ?

In TSR I have this setting:

Network Object Manager

Refresh sub-domains of wild card FQDN address objects: Disabled

Retain expired FQDN hosts until a successful DNS resolution occurs: Disabled

Donot delete expired hosts of an FQDN Network Object with active connections: Disabled

Default TTL value: 360 seconds

DNS query retry threshold: 3

DNS query maximum retry threshold: 500, Retry Interval: 300 seconds

Stop DNS queries for Custom FQDN objects after maximum threshold: Yes

Stop DNS queries for Default FQDN objects after maximum threshold: No

Number of FQDN objects that have stopped DNS query: 3

Default poll timeout: 60.000 seconds

Minimum poll timeout: 0.050 seconds

......

Thanks

BWC · June 2022

@Alberto did you read this KB article?

https://www.sonicwall.com/support/knowledge-base/impact-of-fqdn-address-objects-on-the-cpu/171004095251533/

Do you expect a high load on the firewall because of to much records which need to be resolved? Usually I would not overwrite the TTL if not necessary and live with the TTLs provided by the DNS, but this might not fit here.

--Michael@BWC

Join the Conversation

FQDN Address Groups - optimal setting for TTL on this obj *

Comments