Health Check Workflow

  1. When BloxOne Endpoint starts the proxy, it performs a health check for cloud reachability. After that, BloxOne Endpoint repeats the health check periodically.
  2. For health checks, BloxOne Endpoint usually queries the domains ntp.ubuntu.com and pool.ntp.org.
  3. A health check runs two subtests against a domain: a TCP subtest and a UDP subtest. They run simultaneously.
  4. Each subtest sends up to two queries. If the first query succeeds, BloxOne Endpoint does not send the second. If both queries fail, BloxOne Endpoint considers the system unhealthy.
  5. The interval between health checks for the proxy is one hour. However, if two client queries fail in succession, BloxOne Endpoint does not wait for the interval to elapse and triggers the health check immediately.
  6. If the health check fails, BloxOne Endpoint stops serving DNS queries, enters the unprotected state, and sets the status message to “You are not being protected by Infoblox BloxOne Endpoint because the Infoblox BloxOne DNS Server cannot be reached.”
  7. If BloxOne Endpoint detects that a full-tunnel VPN has intercepted a DNS query, it enters the unprotected state and sets the status message to “You are not being protected by Infoblox BloxOne Endpoint because some software (probably, a VPN client) intercepts DNS requests on this computer”.
This health check procedure tests the availability of the BloxOne Threat Defense Cloud resolvers. It does not test the availability of local resolvers, that is, the resolvers intended for resolving internal domains. The following domains are used when performing a health check on BloxOne Endpoint: ntp.ubuntu.com, pool.ntp.org, and dig.ns. Network controls that prevent these queries from reaching the cloud resolvers cause the health check to fail and move the endpoint into the unprotected state.
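The following model puts steps 1 to 6 of the workflow above into running code. It is an added example and not BloxOne Endpoint's own implementation: the resolver is a constructed stand-in that returns canned answers per transport, the `EndpointProxy` class, its method names and the "Protected" status text are assumptions made for illustration, and step 4 is read literally, so a subtest whose two queries both fail marks the check unhealthy. The interval, the retry count, the two-failure trigger, the domain list and the unreachable status message are the values the page gives.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable, Dict, List

# Values taken from the page; STATUS_OK is assumed wording, the page gives none.
HEALTH_CHECK_DOMAINS = ("ntp.ubuntu.com", "pool.ntp.org", "dig.ns")
HEALTH_CHECK_INTERVAL = 3600.0          # one hour, in seconds
QUERIES_PER_SUBTEST = 2
CLIENT_FAILURES_TO_TRIGGER = 2
STATUS_OK = "Protected"
STATUS_UNREACHABLE = ("You are not being protected by Infoblox BloxOne Endpoint "
                      "because the Infoblox BloxOne DNS Server cannot be reached.")

# A query function takes (domain, transport) and returns True when a usable
# answer came back. Callers inject it, so the logic can be exercised offline.
QueryFn = Callable[[str, str], bool]


def run_subtest(query: QueryFn, domain: str, transport: str) -> bool:
    """One subtest: up to two queries over one transport, stopping at the first success."""
    for _ in range(QUERIES_PER_SUBTEST):
        if query(domain, transport):
            return True
    return False


def run_health_check(query: QueryFn, domain: str) -> Dict[str, bool]:
    """TCP and UDP subtests for one domain, run simultaneously as the page describes."""
    with ThreadPoolExecutor(max_workers=2) as pool:
        futures = {t: pool.submit(run_subtest, query, domain, t) for t in ("tcp", "udp")}
        return {t: f.result() for t, f in futures.items()}


@dataclass
class EndpointProxy:
    """Hypothetical model of the proxy's protected/unprotected state machine."""
    query: QueryFn
    domain: str = HEALTH_CHECK_DOMAINS[0]
    protected: bool = False
    status: str = STATUS_UNREACHABLE
    client_failures: int = 0
    last_check: float = 0.0

    def start(self, now: float) -> bool:
        """Step 1: a health check runs as soon as the proxy starts."""
        return self.health_check(now)

    def health_check(self, now: float) -> bool:
        results = run_health_check(self.query, self.domain)
        self.last_check = now
        self.client_failures = 0
        # Step 4 read literally: a subtest whose two queries both fail makes the
        # system unhealthy, so every subtest must pass for the check to succeed.
        self.protected = all(results.values())
        self.status = STATUS_OK if self.protected else STATUS_UNREACHABLE
        return self.protected

    def maybe_check(self, now: float) -> bool:
        """Step 5: periodic check once the hourly interval has elapsed. Returns True if a check ran."""
        if now - self.last_check < HEALTH_CHECK_INTERVAL:
            return False
        self.health_check(now)
        return True

    def on_client_query(self, succeeded: bool, now: float) -> bool:
        """Step 5, second half: two consecutive failed client queries trigger a check immediately."""
        self.client_failures = 0 if succeeded else self.client_failures + 1
        if self.client_failures >= CLIENT_FAILURES_TO_TRIGGER:
            self.health_check(now)
            return True
        return False


class ScriptedResolver:
    """Constructed stand-in for the cloud resolver: canned results per transport, consumed in order."""

    def __init__(self, script: Dict[str, List[bool]]):
        self._script = {k: list(v) for k, v in script.items()}
        self.calls = {"tcp": 0, "udp": 0}
        self._lock = threading.Lock()

    def __call__(self, domain: str, transport: str) -> bool:
        with self._lock:
            self.calls[transport] += 1
            queue = self._script.get(transport, [])
            return queue.pop(0) if queue else False   # exhausted script = timeout


if __name__ == "__main__":
    # First TCP query times out, the retry succeeds; both UDP queries fail.
    resolver = ScriptedResolver({"tcp": [False, True], "udp": [False, False]})
    proxy = EndpointProxy(query=resolver)
    print("protected after start:", proxy.start(now=time.time()))
    print("queries sent per transport:", resolver.calls)
    print("status:", proxy.status)
```

The scripted resolver records how many queries each subtest sent, which makes the retry rule visible: a transport that answers on the first query is asked once, a transport that fails is asked exactly twice. Replacing `ScriptedResolver` with a function that issues real TCP and UDP queries to a resolver is all that is needed to run the same state machine against a live network.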

Maximum number of concurrent DNS queries

BloxOne Endpoint can process up to 1000 concurrent DNS queries. If this limit is exceeded, the client receives a DNS response with the response code SERVFAIL.

Maximum number of TCP connections

BloxOne Endpoint can serve multiple DNS queries through a single TCP connection sequentially, that is, by handling one DNS query at a time. However, if a client sends multiple queries simultaneously, BloxOne Endpoint can establish more than one connection. The maximum number of TCP connections is tied to the maximum number of concurrent DNS queries, 1000.
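The two limits above both end in the same observable behaviour: once 1000 queries are in flight, the client gets SERVFAIL rather than an answer. The example below, added here and not BloxOne Endpoint's own code, shows what that looks like on the wire: an admission counter with the page's limit, and a builder for the minimal SERVFAIL reply (RFC 1035 header, response code 2) that echoes the request ID and question so the client can match it. The `QueryAdmission` class, the `SAMPLE_QUERY` message and the `upstream` callback are constructed for illustration.

```python
import struct
import threading
from typing import Callable

MAX_CONCURRENT_QUERIES = 1000   # limit stated on the page
RCODE_SERVFAIL = 2              # RFC 1035 RCODE value for SERVFAIL


def _question_end(msg: bytes, qdcount: int) -> int:
    """Offset just past the question section, skipping label sequences or a compression pointer."""
    pos = 12
    for _ in range(qdcount):
        while True:
            length = msg[pos]
            if length == 0:             # root label terminates the name
                pos += 1
                break
            if length & 0xC0:           # compression pointer: two bytes, ends the name
                pos += 2
                break
            pos += 1 + length
        pos += 4                        # QTYPE + QCLASS
    return pos


def servfail_for(request: bytes) -> bytes:
    """Build a SERVFAIL reply: same ID and question, QR set, RCODE=2, no other records."""
    if len(request) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    ident, flags, qdcount = struct.unpack("!HHH", request[:6])
    opcode = flags & 0x7800
    rd = flags & 0x0100
    # QR=1, keep OPCODE and RD from the request, clear AA/TC/RA/Z, set RCODE.
    resp_flags = 0x8000 | opcode | rd | RCODE_SERVFAIL
    header = struct.pack("!HHHHHH", ident, resp_flags, qdcount, 0, 0, 0)
    # Only the question is echoed; any OPT or other additional records are dropped
    # because ARCOUNT is zero in the reply header.
    return header + request[12:_question_end(request, qdcount)]


class QueryAdmission:
    """Hypothetical admission gate: at most `limit` queries in flight, SERVFAIL beyond that."""

    def __init__(self, limit: int = MAX_CONCURRENT_QUERIES):
        self.limit = limit
        self._in_flight = 0
        self._lock = threading.Lock()

    @property
    def in_flight(self) -> int:
        with self._lock:
            return self._in_flight

    def try_acquire(self) -> bool:
        with self._lock:
            if self._in_flight >= self.limit:
                return False
            self._in_flight += 1
            return True

    def release(self) -> None:
        with self._lock:
            self._in_flight -= 1

    def handle(self, request: bytes, upstream: Callable[[bytes], bytes]) -> bytes:
        """Forward to `upstream` if a slot is free, otherwise answer SERVFAIL locally."""
        if not self.try_acquire():
            return servfail_for(request)
        try:
            return upstream(request)
        finally:
            self.release()


# Constructed sample: ID 0x1234, RD set, one question (example.com A/IN), one OPT record.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
                + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0))

if __name__ == "__main__":
    gate = QueryAdmission(limit=2)
    for _ in range(2):
        gate.try_acquire()          # two queries already being handled
    reply = gate.handle(SAMPLE_QUERY, upstream=lambda req: b"never reached")
    print("reply flags:", hex(struct.unpack("!H", reply[2:4])[0]))   # 0x8102: QR, RD, SERVFAIL
    print("reply length:", len(reply))
```

The reply is 29 bytes for the sample query: the 12-byte header plus the 17-byte question, with the 11-byte OPT record stripped. A client or troubleshooting script that sees SERVFAIL with an empty answer section from the endpoint should therefore consider the concurrency limit as one candidate cause alongside upstream failure.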
