dns-cache
Syntax
dns-cache {
    error-response-delete-ip {
        retry-interval seconds;
    }
}
Hierarchy Level
[edit logical-systems logical-system-name security policies], [edit logical-systems logical-system-name tenants tenant-system-name security policies], [edit security policies], [edit tenants tenant-system-name security policies]
Description
Define security policy DNS cache behaviors.
When you don’t configure this statement ([edit security policies dns-cache]):
- If all DNS servers time out, the system removes the IP address from the cache.
- If none of the DNS servers return a valid IP and the last one times out, the IP address is removed from the cache.
When you configure [edit security policies dns-cache error-response-delete-ip retry-interval seconds], the system waits for the specified interval before resending DNS requests after deleting the IP address from the cache.
Previously (prior to Junos OS Release 23.1R1), if a DNS server returned an error, the
IP address was removed from the cache (only with
error-response-delete-ip enabled). Timeouts were treated
differently and didn’t affect the cache. A valid response updated the cache, and on
cache expiry, the system retried DNS resolution—updating the cache if any server
responded with a valid IP.
Options
| error-response-delete-ip | Clear DNS cache entry IP on error DNS response |
Required Privilege Level
security
Release Information
Statement introduced in Junos OS Release 20.1R1.