Hi leangf2018_cb,
Apologies this community was dormant until now.
Unfortunately, we cannot fine-tune the DNS cache limit alert.
In environments with many active applications, the Edge DNS cache can become full and cause an alert every 10 minutes that DNS entries have been missed. Clearing the Edge DNS cache will temporarily relieve the issue.
In general, there will be 2 types of entries in the IP DNS cache file:
DNS-based (snooped) entries, whose lifetime depends on the DNS response, and entries the Edge learnt via DPI.
DPI entries usually have a lifetime of 1 day but get refreshed when reused.
While we can't fine-tune the alert, we have made some enhancements to the Edge code to better handle the DNS cache.
When the cache is full, the Edge will now reclaim the least recently used entry, as long as the entry hasn't been used in the last 5 minutes, to allow room for the new incoming entry.
DNS cache logic is enhanced in Edge versions:
452 VCE 20240125 RU4, 5.0.1.6, 5.1.1.0, 5.2.2.0, 5.2.3.0, 6.0.0.0, 4.5.3, 5.4.1.0
Refer to release notes: https://docs.vmware.com/en/VMware-SASE/5.2.2/rn/vmware-sase-522-release-notes/index.html
Issue: 126520
------------------------------
Regards,
Ameya Oke
Client Services Consultant | Software Defined Edge
Broadcom
ameya.oke@broadcom.com | broadcom.com
------------------------------
Original Message:
Sent: Mar 25, 2024 06:54 AM
From: leangf2018_cb
Subject: Fine tune alerts -> DNS_CACHE_LIMIT_REACHED
Hi,
What are the settings to be configured on the edge profile for the DNS cache? Best practice for the DNS configuration?
Most users are using the public DNS. Any way we can fine-tune the settings?
Thanks,
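
The reclaim rule described in the reply at the top of this thread, as an added Python model (not VMware's Edge code): a full cache gives up its least recently used entry only if that entry has been idle for 5 minutes, otherwise the new entry is missed. The capacity, the class and method names, and the default DNS TTL are assumptions for illustration.

```python
from collections import OrderedDict

RECLAIM_IDLE_SECS = 5 * 60      # from the reply: entry unused for the last 5 minutes
DPI_LIFETIME_SECS = 24 * 3600   # from the reply: DPI entries live about 1 day


class DnsCacheModel:
    """Toy model of the described reclaim rule; all names here are hypothetical."""

    def __init__(self, capacity):
        self.capacity = capacity
        # name -> [last_used, expires, source]; least recently used entry first
        self.entries = OrderedDict()
        self.missed = 0  # inserts refused because no entry was reclaimable

    def _expire(self, now):
        for name in [n for n, e in self.entries.items() if e[1] <= now]:
            del self.entries[name]

    def lookup(self, name, now):
        self._expire(now)
        entry = self.entries.get(name)
        if entry is None:
            return False
        entry[0] = now
        if entry[2] == "dpi":  # DPI entries are refreshed when reused
            entry[1] = now + DPI_LIFETIME_SECS
        self.entries.move_to_end(name)
        return True

    def insert(self, name, now, source="dns", ttl=300):
        self._expire(now)
        if name in self.entries:
            del self.entries[name]  # re-learned entry replaces the old one
        elif len(self.entries) >= self.capacity:
            lru_name, lru = next(iter(self.entries.items()))
            if now - lru[0] < RECLAIM_IDLE_SECS:
                self.missed += 1    # cache full of active entries: entry is missed
                return False
            del self.entries[lru_name]
        lifetime = DPI_LIFETIME_SECS if source == "dpi" else ttl
        self.entries[name] = [now, now + lifetime, source]
        return True
```

When every cached entry has been used within the last 5 minutes, `missed` keeps growing, which matches the reply's point that busy environments can still raise the alert.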