Barracuda NextGen Firewall X

Flush dynamic dns peer entries for IPSEC tunnels

  • Type: Knowledgebase
  • Date changed: one year ago
Solution 00005274 

This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x


A VPN tunnel is configured and uses a dynamic DNS host as its peer. If the peer changes its address, it takes about 15 minutes until the tunnel is re-established.



The IKE daemon caches the resolved IP addresses of dynamic DNS peers for about 15 minutes (TTL). After this period, the hostname is resolved again. If the peer's IP address changes within this timespan, the IKE daemon does not resolve the host again until the cached entry expires. In the worst case, it takes about 15 minutes until the tunnel can be re-established.


There is no configuration setting for the TTL, but it is possible to flush the DNS cache of the IKE daemon every x minutes via a cron job in "Config" > "Box" > "Advanced Configuration" > "System Scheduler".

Use this command to flush the cache. All dynamic DNS peer IPs will be resolved immediately.

/opt/phion/bin/ipsecctrl isa flushdns &
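
As an added example (not part of the original solution and not Barracuda code), the scheduled job can flush the cache only when the peer's resolved address has actually changed, and skip the flush when the lookup fails. The peer hostname, the state file path and the availability of getent on the box are assumptions.

```shell
#!/bin/sh
# Added example (not Barracuda code): flush the IKE DNS cache only when the
# peer's resolved address has changed since the last scheduler run.
# Assumptions: PEER_HOST and STATE_FILE are hypothetical values, and getent
# is assumed to be available on the box.
PEER_HOST="${PEER_HOST:-peer.dyndns.example}"
STATE_FILE="${STATE_FILE:-/var/tmp/ike_peer_ip.last}"

# Print the first address the system resolver returns for a hostname.
resolve_peer() {
    getent hosts "$1" | awk 'NR == 1 { print $1 }'
}

# The flush command given in this article.
flush_cache() {
    /opt/phion/bin/ipsecctrl isa flushdns
}

# Returns 0 = flushed, 1 = address unchanged, 2 = lookup failed, 3 = flush failed.
check_and_flush() {
    host=$1
    state=$2
    new_ip=$(resolve_peer "$host")
    if [ -z "$new_ip" ]; then
        return 2    # failed lookup: no flush, last known address is kept
    fi
    old_ip=""
    if [ -f "$state" ]; then
        old_ip=$(cat "$state")
    fi
    if [ "$new_ip" = "$old_ip" ]; then
        return 1
    fi
    flush_cache || return 3
    printf '%s\n' "$new_ip" > "$state"   # record only after a successful flush
    return 0
}

# Run from the scheduler as: <script> --run
if [ "${1:-}" = "--run" ]; then
    check_and_flush "$PEER_HOST" "$STATE_FILE"
fi
```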

