We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

What is DNS caching? How does my Barracuda Spam Firewall use it?

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00003511

Scope:
All Barracuda Spam Firewalls, firmware versions 3.5.10.016 and above.

Answer:
DNS servers relate domain names to IP addresses, and nearly all computers use them. Every time you go to a website by typing in the name of the site, unless it has been cached locally on your computer, it will use a DNS server to find the IP address of that website.

The Barracuda Spam Firewall is no exception, and many of its different spam checks rely on a responsive DNS server to remain efficient. To help reduce the load on your DNS server, Barracuda Spam Firewall firmware version 3.5.10.016 introduced DNS caching, allowing the Barracuda to store recent and frequent DNS lookups locally so that it would not need to query the configured DNS server with the same requests over and over. The Barracuda Spam Firewall will locally store (cache) these DNS records for a length of time specified by the TTL (time to live) value on the authoritative name server for each record, as will other devices that do DNS caching (including other DNS servers).

Unfortunately, DNS caching is a double-edged sword. It speeds up domain name resolution by storing recent answers, which means that it will also sometimes skip the normal resolution process. Because DNS servers cache answers until the TTL expires, it can take hours or even days for the entire Internet to recognize changes to DNS information for your domain name.

If you use internal DNS records, using DNS caching on the Barracuda Spam Firewall can cause problems - the Barracuda Spam Firewall may cache an external DNS record and use that instead. This is especially important when using hostnames, rather than IP addresses, to specify destination mail servers on the Barracuda Spam Firewall. In these cases, you would need to either use IP addresses to specify your destination mail servers (instead of hostnames), or only configure internal DNS servers on the Basic > IP Configuration page and set the Use Only These Servers? option to Yes. This will ensure that the Barracuda Spam Firewall will cache the appropriate IP addresses for your local mail server hostnames.

Additional Notes:
If the Use Only These Servers? option is set to No on the Basic > IP Configuration page, the Barracuda Spam Firewall will attempt to use external DNS records to resolve hostnames, even if internal DNS servers with internal records are configured.

Link to This Page:
https://campus.barracuda.com/solution/50160000000HGt0AAG