Skyhigh Security

DNS Proxy Settings

Settings for handling queries to a domain name system server (DNS server).

Option Definition
IP protocol version preference

Lets you select the protocol version that is preferred when retrieving IP addresses from a DNS server.

  • Same as incoming connection — When selected, the protocol version is used that is already in use on the incoming connection.
  • IP4 — When selected, this protocol version is used.
  • IP6 — When selected, this protocol version is used.
  • Use other protocol version as fallback — When selected, the other protocol version is used if using the preferred version resulted in a failure.
    When this option is selected, you can also configure the following.
    • Enable simultaneous DNS queries for IPv4 and IPv6 — When selected, DNS queries for IPv4 and IPv6 addresses are sent at the same time.
      When this option is selected, you can also configure the following.
      • Time to wait for results with a preferred IP version (IPv4/IPv6) after initiating simultaneous DNS queries — Limits the time (in milliseconds) that elapses until a connection that uses the other protocol version is accepted when no connection could be set up using the preferred version.
      • Count of IP addresses of the preferred version (IPv4/IPv6) to be used from the DNS query results — Limits the number of IP addresses that are tried under the preferred protocol version for setting up a connection before IP addresses are tried under the other version.
        The number of retries that can be configured ranges from 1 to 4.

A query for retrieving IP addresses from a DNS server can result in multiple IPv4 or IPv6 addresses. Whether an IPv4 or an IPv6 address is used for setting up a connection depends on what you have configured above.

When multiple IP addresses are available within the same address family (IPv4 or IPv6), addresses are sorted according to several parameters. Connection attempts are then made using these addresses in the order in which they are sorted.

The parameters for sorting IP addresses are listed below. They are applied in the order in which they are listed.

  • Precedence of an IP address
    The precedence of an IP address is calculated based on its address prefix. An IP address with a higher precedence value is tried for connecting before an address with a lower value.
  • Scope of an IP address
    An IP address can have different scopes as follows:
    • Link local
    • Site or uniquely local
    • Global
      The scopes are used for sorting in the order they are listed here.
  • Connection time (round trip time)
    Connection history is recorded. So when less time was required for setting up a connection using a particular IP address on a previous occasion, this address is preferred over another IP address that required more time.
  • Least recently used IP address
    Connection history is also used to determine when IP addresses were used for the last time. An IP address that was used less recently than another IP address is preferred over that address.
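
The following added example (not Skyhigh's code) applies the four sorting parameters in the listed order to a constructed set of IPv6 answers, which helps when checking which upstream address a proxy would try first. It assumes precedence follows the RFC 6724 default policy table and that the scope order is applied literally as listed; the names `Candidate`, `sort_candidates` and `connection_order` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: precedence follows the RFC 6724 default policy table (longest
# prefix wins); the page only says it is derived from the address prefix.
POLICY = sorted(
    ((ipaddress.ip_network(p), v) for p, v in [
        ("::1/128", 50), ("::/0", 40), ("::ffff:0:0/96", 35), ("2002::/16", 30),
        ("2001::/32", 5), ("fc00::/7", 3), ("::/96", 1), ("fec0::/10", 1),
        ("3ffe::/16", 1)]),
    key=lambda e: e[0].prefixlen, reverse=True)
# Assumption: ranges treated as "site or uniquely local".
SITE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fec0::/10")]

@dataclass
class Candidate:
    addr: str
    rtt_ms: float     # connection time recorded on a previous attempt
    last_used: float  # timestamp of the last use (smaller = longer ago)

def precedence(addr):
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:  # IPv4 is looked up as an IPv4-mapped IPv6 address
        ip = ipaddress.ip_address("::ffff:" + addr)
    return next(v for net, v in POLICY if ip in net)

def scope_rank(addr):
    """0 = link local, 1 = site or uniquely local, 2 = global."""
    ip = ipaddress.ip_address(addr)
    if ip.is_link_local:
        return 0
    return 1 if any(ip in net for net in SITE_NETS) else 2

def sort_candidates(cands):
    """Order addresses of one family: precedence, scope, RTT, least recently used."""
    return sorted(cands, key=lambda c: (-precedence(c.addr), scope_rank(c.addr),
                                        c.rtt_ms, c.last_used))

# Constructed sample: answers for one host with made-up connection history.
SAMPLE = [
    Candidate("2001:db8::10", 40, 1000), Candidate("2001:db8::20", 12, 2000),
    Candidate("2001:db8::30", 12, 1500), Candidate("fd00::5", 1, 0),
    Candidate("2002:c000:204::1", 5, 0), Candidate("fe80::1", 90, 3000),
]

def connection_order(cands=SAMPLE):
    return [c.addr for c in sort_candidates(cands)]

if __name__ == "__main__":
    print("\n".join(connection_order()))
```

In this sample the unique-local address `fd00::5` is tried last despite having the shortest recorded connection time, because precedence is applied before connection time.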

Minimal TTL for DNS cache

Sets a minimum time (in seconds) that must have elapsed before data stored in the DNS cache is deleted.

Maximal TTL for DNS cache

Sets a maximum time (in seconds) that must have elapsed before data stored in the DNS cache is deleted.

Flush DNS cache

Flushes the DNS cache.

 
