Saturday, November 14, 2020

URL filtering for restricting access

Hi All

We are looking at some options for performing URL TLD filtering, for example \.office365.com*

The customer does not host their own DNS server and would rely mostly on corporate DNS.

The issue with doing URL filtering is mostly around the DNS TTL. If the DNS resolution of a domain changes the A record while the client still has the old record cached, the traffic may in some cases be denied if the filtering application has dynamically updated the A record in the policy set.

Is anyone else able to share some alternatives on what can be done to provide some options to perform URL-based filtering?

I've seen that the URLs the customer would connect to have a TTL of 59 secs.

Say the corporate DNS normally keeps the cache at 300 secs, then we have a potential disruption for 5 mins. I don't think we can make changes on the corporate DNS as that's used for the wider business.

Thanks in advance for any advice.
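
The timing problem described in this post, as an added example that is not part of the original post: a small Python model of a filter that refreshes its allow-list on the record TTL while the client resolves through a cache that holds answers longer. The 59 s and 300 s values come from the post; the addresses, the rotation time and the `grace` retention setting are assumptions made for illustration.

```python
# Constructed model: addresses and the rotation time are illustrative.
RECORD_TTL = 59    # TTL on the destination's A record (value from the post)
CORP_CACHE = 300   # time the corporate resolver holds an answer (from the post)
OLD_IP, NEW_IP = "203.0.113.10", "203.0.113.20"  # documentation-range addresses

class Cache:
    """Resolver that holds each answer for `hold` seconds."""
    def __init__(self, hold, rotate_at):
        self.hold, self.rotate_at = hold, rotate_at
        self.ip, self.expires = None, 0

    def resolve(self, t):
        if t >= self.expires:  # entry expired: ask the authoritative side again
            self.ip = OLD_IP if t < self.rotate_at else NEW_IP
            self.expires = t + self.hold
        return self.ip

class FqdnFilter:
    """Allows only IPs the filter itself resolved, each until its TTL (+ grace) ends."""
    def __init__(self, rotate_at, grace=0):
        self.dns = Cache(RECORD_TTL, rotate_at)
        self.grace = grace  # hypothetical setting: extra seconds an old IP stays allowed
        self.allowed = {}   # ip -> time at which the allow entry lapses

    def permits(self, t, ip):
        current = self.dns.resolve(t)
        self.allowed[current] = self.dns.expires + self.grace
        return self.allowed.get(ip, -1) > t

def denied_seconds(rotate_at, grace, horizon=900):
    """Seconds in which the client's cached IP is rejected by the filter."""
    client = Cache(CORP_CACHE, rotate_at)
    fw = FqdnFilter(rotate_at, grace)
    return sum(not fw.permits(t, client.resolve(t)) for t in range(horizon))

if __name__ == "__main__":
    for grace in (0, 100, CORP_CACHE):
        print(f"grace={grace:>3}s -> denied for {denied_seconds(100, grace)}s")
```

In this model a grace period as long as the slowest downstream cache removes the denials, at the cost of leaving a retired address permitted for that long.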
