What will happen in that case when the DNS server becomes unreachable?
Would the destination server be unreachable?
Possible solution if the DNS server becomes unreachable.
The FQDN object will retain its old mapping even after the TTL expires if the DNS server is unreachable at the time of expiry.
So the only time the firewall actually takes TTL into account is 9.0 and later; otherwise, 8.1 and lower don't care about the record's TTL. Within 9.0 you have an option of configuring both a Minimum FQDN refresh, along with a Stale Entry timeout. The Stale Entry setting is what you will want to look at and configure appropriately, as that's how long the firewall will continue to use its cache for FQDN objects if the DNS server isn't reachable.
Prior to 9.0, the firewall doesn't take into account the TTL. It would refresh at whatever interval you have configured and if the DNS server became unreachable it would utilize its cache entry until it was able to either refresh, the firewall was restarted, or the cache was cleared.
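The behaviour described in the replies above, as an added sketch that is not part of the original posts and is not PAN-OS code: a small model of an FQDN object's cache during a DNS outage, showing how long policy would keep matching the last resolved IP. The class, its field names, the timer values, the rule that the stale period starts at the first failed refresh, and the dropping of the entry once the stale timeout elapses are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class FqdnObject:
    """Simplified model of one FQDN address object (not PAN-OS code)."""
    honors_ttl: bool            # True: 9.0 and later; False: 8.1 and lower
    refresh_interval: int = 0   # configured refresh timer, seconds (pre-9.0)
    min_refresh: int = 0        # Minimum FQDN refresh, seconds (9.0+)
    stale_timeout: int = 0      # Stale Entry timeout, seconds (9.0+)
    ips: list = field(default_factory=list)
    next_refresh: int = 0
    stale_since: Optional[int] = None

    def tick(self, now, resolver):
        """Refresh if due. resolver(now) returns (ips, ttl), or None if DNS is unreachable."""
        if now < self.next_refresh:
            return
        answer = resolver(now)
        if answer is not None:
            self.ips, ttl = list(answer[0]), answer[1]
            self.stale_since = None
            wait = max(ttl, self.min_refresh) if self.honors_ttl else self.refresh_interval
            self.next_refresh = now + wait
            return
        # DNS unreachable: keep the cached mapping and retry on the next tick.
        if self.stale_since is None:
            self.stale_since = now
        # Assumption: once the stale timeout elapses the cached IPs are dropped.
        if self.honors_ttl and now - self.stale_since >= self.stale_timeout:
            self.ips = []

def simulate(obj, outage_start, end, step=60):
    """DNS answers until outage_start, then is unreachable. Returns {time: cached IPs}."""
    def resolver(now):
        # Constructed answer: documentation-range IP with a 300 s TTL.
        return (["192.0.2.10"], 300) if now < outage_start else None
    timeline = {}
    for now in range(0, end + 1, step):
        obj.tick(now, resolver)
        timeline[now] = list(obj.ips)
    return timeline

if __name__ == "__main__":
    new = simulate(FqdnObject(True, min_refresh=30, stale_timeout=600), 120, 1200)
    old = simulate(FqdnObject(False, refresh_interval=600), 120, 1200)
    print("9.0+  at 840s:", new[840], " at 900s:", new[900])
    print("<=8.1 at 1200s:", old[1200])
```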