Technical Tip: Different methods explained for DNS probe used in SD-WAN performance SLA
| Description | This article describes different methods used for DNS probe in SD-WAN performance SLA. |
| Scope | FortiGate. |
| Solution | When DNS is selected as the protocol for a Performance SLA, the health check behaves differently from the Ping protocol. Consider the following Performance SLA, which uses the DNS method:
With these settings, the FortiGate sends its probes to the DNS servers configured under Network -> DNS. In this case, those are the FortiGuard servers (96.45.45.45 and 96.45.46.46):
The domain probed with the default settings is example.com:
```
config system sdwan
    config health-check
        edit "FQDN"
            set probe-packets enable
```
Verify the behavior when a DNS server is specified in the health check instead of the system DNS. In this case, 4.2.2.2 is specified:
Now the DNS server queried for example.com is 4.2.2.2:
The default algorithm for selecting the DNS server to probe is least-rtt:
```
(dns) # set server-select-method
```
By default, a continuous probe is sent to every specified DNS server. If the mode is changed to failover in the DNS settings, the behavior changes:
```
(dns) # set server-select-method failover
(dns) # end
```
After selecting the failover method, the probes are sent to the primary DNS server only:
The probes only shift to the secondary DNS server (4.4.2.2) if the primary goes down:
It is also possible to change the domain being probed, as described in the article: Technical Tip: DNS as probe protocol on SD-WAN Performance SLA health check |
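The probe flow and the two server-selection methods described above, as an added example that is not FortiGate code and not part of the original article: it sends a minimal DNS A query for example.com to each configured server over UDP, times the reply, and then applies least-rtt selection (fastest healthy server wins) and failover selection (primary first, next server only when the primary fails) to the results. The exact packet format, reply validation and 2-second timeout the FortiGate uses are not visible on the page, so those are assumptions; the server addresses are the ones the article names.

```python
"""Model of the SD-WAN DNS health-check probe (added example, not FortiOS code)."""
import socket
import struct
import time

PROBE_DOMAIN = "example.com"   # default probe domain per the article
TIMEOUT_S = 2.0                # assumption: FortiGate's real probe timeout is not on the page


def build_query(domain: str, txid: int = 0x1234) -> bytes:
    """Build a standard recursive DNS query (QTYPE A, QCLASS IN)."""
    # header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in domain.strip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def response_ok(query: bytes, reply: bytes) -> bool:
    """A reply counts as healthy when the ID matches, QR=1 and RCODE=0."""
    if len(reply) < 12:
        return False
    txid, flags = struct.unpack("!HH", reply[:4])
    sent_id = struct.unpack("!H", query[:2])[0]
    return txid == sent_id and (flags & 0x8000) != 0 and (flags & 0x000F) == 0


def probe(server: str, domain: str = PROBE_DOMAIN, timeout: float = TIMEOUT_S):
    """Query one server; return the RTT in ms, or None on timeout/bad reply."""
    query = build_query(domain)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:          # socket.timeout is an OSError subclass
            return None
    rtt_ms = (time.monotonic() - start) * 1000
    return rtt_ms if response_ok(query, reply) else None


def run_probes(servers):
    """Probe every server in the list, as the least-rtt mode does continuously."""
    return {server: probe(server) for server in servers}


def select_least_rtt(results: dict):
    """least-rtt: all servers are probed; the fastest healthy one is used."""
    alive = {s: rtt for s, rtt in results.items() if rtt is not None}
    if not alive:
        return None
    return min(alive, key=alive.get)


def select_failover(results: dict, order: list):
    """failover: stay on the primary; fall through the list only when it is down."""
    for server in order:
        if results.get(server) is not None:
            return server
    return None


if __name__ == "__main__":
    servers = ["96.45.45.45", "96.45.46.46"]   # system DNS servers from the article
    results = run_probes(servers)
    for server, rtt in results.items():
        print(f"{server}: {'down' if rtt is None else f'{rtt:.1f} ms'}")
    print("least-rtt would use:", select_least_rtt(results))
    print("failover would use:", select_failover(results, servers))
```

Running the block stand-alone sends real queries to the two servers; the selection functions are pure, so the failover case (primary down, secondary answering) can be exercised with constructed results without any network access.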