Hi all,
We have a very large deployment and we are having some problems with netdestination and the cache of the controller.
We have a netdestination including some resources that users are able to reach before they authenticate; this netdestination is whitelisted under the correct profile. The destinations include Facebook, LinkedIn, fbcdn.net, etc.
The problem is that, due to the very large number of IP addresses that fbcdn.net resolves to, the controller has a very large list of IP addresses.
If we check the following command:
show firewall dns-names, we have a very big list of IP addresses. When this list is very big, the controller returns the following error when we type show firewall dns-names:
module authentication is busy, please try again later.
When this happens, new clients are not able to reach the Facebook login page, so I think the controller cannot handle the list and cannot apply the whitelist properly.
Reloading the controller fixes the problem for days, but when the list is very large once again, we have the same problem.
I would like to know how the controller builds and maintains this list.
When the client connects and tries to resolve facebook.com, it sends a query to the DNS server and the DNS server responds. Does the controller perform DNS snooping in order to see the resolved IP address and add this IP address to the list?
Or is it the controller itself that asks the DNS server for all the domains included in the netdestination and adds the IP addresses?
Is there any way to manually flush the firewall dns-name table without reloading the controller?
Thanks for your help!