Health Check Workflow
- When BloxOne Endpoint starts the proxy, it performs a health check for cloud reachability. After that, BloxOne Endpoint performs the health check periodically.
- For health checks, BloxOne Endpoint usually uses the domains ntp.ubuntu.com and pool.ntp.org.
- A health check runs two subtests against a domain: a TCP subtest and a UDP subtest. They run simultaneously.
- Every subtest makes two queries. If both queries fail, BloxOne Endpoint considers the system unhealthy. If either query is successful, BloxOne Endpoint does not send another.
- The interval between health checks for the proxy is one hour. However, if two client queries fail successively, BloxOne Endpoint does not wait for the interval to elapse and, instead, triggers the health check immediately.
- If the health check fails, BloxOne Endpoint stops serving DNS queries, goes to an unprotected state, and sets the status message to “You are not being protected by Infoblox BloxOne Endpoint because the Infoblox BloxOne DNS Server cannot be reached.”
- If BloxOne Endpoint detects that a full VPN tunnel has intercepted any DNS query, it goes to an unprotected state and sets the status message to “You are not being protected by Infoblox BloxOne Endpoint because some software (probably, a VPN client) intercepts DNS requests on this computer.”
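
The workflow above, modelled in Python as an added example (not Infoblox code) so the retry and early-trigger rules can be traced. `send_query` is a hypothetical callable standing in for a real DNS query, `ProxyMonitor` is a hypothetical name, and the rule that a check fails when either subtest is unhealthy is an assumption the page does not state.

```python
from concurrent.futures import ThreadPoolExecutor

HEALTH_CHECK_INTERVAL_S = 3600  # one hour between periodic health checks
QUERIES_PER_SUBTEST = 2         # each subtest makes at most two queries
CLIENT_FAILURES_TO_TRIGGER = 2  # successive client failures that force a check


def run_subtest(send_query, transport, domain):
    """Healthy on the first successful query; unhealthy only if both fail."""
    for _ in range(QUERIES_PER_SUBTEST):
        if send_query(transport, domain):
            return True  # no further query is sent after a success
    return False


def health_check(send_query, domain="pool.ntp.org"):
    """Run the TCP and UDP subtests simultaneously.

    Assumption: the check fails if either subtest is unhealthy.
    """
    with ThreadPoolExecutor(max_workers=2) as pool:
        results = list(pool.map(
            lambda transport: run_subtest(send_query, transport, domain),
            ("tcp", "udp")))
    return all(results)


class ProxyMonitor:
    """Tracks protected/unprotected state (hypothetical class name)."""

    def __init__(self, send_query, now=0.0):
        self.send_query = send_query
        self.check(now)  # a health check runs when the proxy starts

    def check(self, now):
        self.protected = health_check(self.send_query)
        self.next_check = now + HEALTH_CHECK_INTERVAL_S
        self.failed_in_a_row = 0
        return self.protected

    def on_client_query(self, succeeded, now):
        """Record a client query result; re-check early after two failures."""
        self.failed_in_a_row = 0 if succeeded else self.failed_in_a_row + 1
        if (self.failed_in_a_row >= CLIENT_FAILURES_TO_TRIGGER
                or now >= self.next_check):
            self.check(now)
        return self.protected
```

Passing a `send_query` that always fails for one transport shows how a network that blocks only UDP or only TCP DNS would push the model into the unprotected state.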
Maximum number of concurrent DNS queries
BloxOne Endpoint can process up to 1000 concurrent DNS queries. If this limit is exceeded, the client will receive a DNS response with the response code SERVFAIL.
Maximum number of TCP connections
BloxOne Endpoint can serve multiple DNS queries through a single TCP connection sequentially: that is, by handling one DNS query at a time. However, if a client sends multiple queries simultaneously, BloxOne Endpoint can establish more than one connection. The maximum number of TCP connections is tied to the maximum allowed number of concurrent DNS queries: 1000.