Endpoint Health Check

Health Check Workflow

The health check workflow ensures that Infoblox Endpoint monitors whether its local proxy can reach the cloud resolvers, so that DNS queries are only handled while protection is actually in place. Health checks run when the proxy starts and then periodically to confirm the system remains operational.

Domains Used for Health Checks:

  • ntp.ubuntu.com

  • pool.ntp.org


Health Check Process:

  1. Subtests Performed:

    Each health check performs two subtests for a domain:

    • TCP Subtest

    • UDP Subtest

    These subtests run simultaneously.

  2. Query Behavior:

    • Each subtest sends two queries.

    • If both queries fail, Infoblox Endpoint considers the system unhealthy.

    • If either query succeeds, no additional health checks are sent for that interval.

  3. Health Check Interval:

    • The default interval between health checks is one hour.

    • If two consecutive client queries fail, Infoblox Endpoint immediately triggers a health check, bypassing the default interval.

Behavior on Health Check Failure:

  1. If the health check fails:

    • Infoblox Endpoint stops serving DNS queries.

    • The system transitions to an unprotected state.

    • The following status message is displayed:
      “You are not being protected by Infoblox Endpoint because the Infoblox DNS Server cannot be reached.”

  2. If Infoblox Endpoint detects that a full VPN tunnel has intercepted any DNS query:

    • Infoblox Endpoint transitions to an unprotected state.

    • The following status message is displayed:
      “You are not being protected by Infoblox Endpoint because some software (probably, a VPN client) intercepts DNS requests on this computer.”

This health check procedure tests for the availability of Infoblox Threat Defense resolvers. It does not test for the availability of local resolvers: that is, the resolvers intended for resolving internal domains. The following domains are used when performing a health check on Infoblox Endpoint: ntp.ubuntu.com, http://pool.ntp.org, and dig.ns.
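The decision logic above (two queries per subtest, a subtest failing only when both queries fail, a one-hour interval, an immediate re-check after two consecutive client failures, and the two unprotected states) can be written down as a small state machine. The following is an added illustration, not Infoblox code: the resolver probe is injected as a function so the model runs offline, and because the page does not say how the TCP and UDP results are combined, the model takes the stricter reading that both subtests must pass for the check to succeed.

```python
from dataclasses import dataclass
from typing import Callable

# Values stated on the page
HEALTH_CHECK_DOMAINS = ("ntp.ubuntu.com", "pool.ntp.org")
DEFAULT_INTERVAL_S = 3600          # one hour between periodic checks
QUERIES_PER_SUBTEST = 2            # each subtest sends two queries
CLIENT_FAILURES_TO_TRIGGER = 2     # two consecutive client failures force a check
TRANSPORTS = ("tcp", "udp")

MSG_PROTECTED = "Protected"
MSG_UNREACHABLE = ("You are not being protected by Infoblox Endpoint because "
                   "the Infoblox DNS Server cannot be reached.")
MSG_VPN = ("You are not being protected by Infoblox Endpoint because some "
           "software (probably, a VPN client) intercepts DNS requests on this computer.")

# probe(domain, transport) -> True if the cloud resolver answered, else False.
# Injected so the model runs offline (assumption); a real probe would send a DNS query.
Probe = Callable[[str, str], bool]


def run_subtest(probe: Probe, domain: str, transport: str) -> bool:
    """One subtest: up to two queries; it fails only if both queries fail."""
    for _ in range(QUERIES_PER_SUBTEST):
        if probe(domain, transport):
            return True          # either query succeeding is enough
    return False


@dataclass
class EndpointHealthModel:
    probe: Probe
    interval_s: int = DEFAULT_INTERVAL_S
    protected: bool = True
    status: str = MSG_PROTECTED
    next_check_at: float = 0.0       # 0 => a check is due immediately at start
    client_failures: int = 0
    checks_run: int = 0

    def run_health_check(self, now: float, domain: str = HEALTH_CHECK_DOMAINS[0]) -> bool:
        """TCP and UDP subtests for one domain; assumption: both must pass."""
        self.checks_run += 1
        results = [run_subtest(self.probe, domain, t) for t in TRANSPORTS]  # both always run
        healthy = all(results)
        self.protected = healthy
        self.status = MSG_PROTECTED if healthy else MSG_UNREACHABLE
        self.next_check_at = now + self.interval_s
        self.client_failures = 0
        return healthy

    def on_client_query(self, now: float, succeeded: bool) -> bool:
        """Record one forwarded client query; return True if a health check ran now."""
        if now >= self.next_check_at:          # periodic check is due
            self.run_health_check(now)
            return True
        self.client_failures = 0 if succeeded else self.client_failures + 1
        if self.client_failures >= CLIENT_FAILURES_TO_TRIGGER:
            self.run_health_check(now)         # bypasses the default interval
            return True
        return False

    def on_vpn_interception(self) -> None:
        """A full VPN tunnel intercepted a DNS query: go unprotected immediately."""
        self.protected = False
        self.status = MSG_VPN


def demo() -> dict:
    """Walk the model through the scenarios on the page using constructed probes."""
    # Scenario 1: cloud resolver reachable over both transports.
    good = EndpointHealthModel(probe=lambda d, t: True)
    good.run_health_check(now=0)
    # Scenario 2: UDP blocked, TCP fine -> unhealthy under the strict reading.
    udp_blocked = EndpointHealthModel(probe=lambda d, t: t == "tcp")
    udp_blocked.run_health_check(now=0)
    # Scenario 3: two consecutive client failures force a check before the hour is up.
    flaky = EndpointHealthModel(probe=lambda d, t: True)
    flaky.run_health_check(now=0)
    flaky.on_client_query(now=10, succeeded=False)
    forced = flaky.on_client_query(now=20, succeeded=False)
    # Scenario 4: VPN interception overrides a healthy check.
    vpn = EndpointHealthModel(probe=lambda d, t: True)
    vpn.run_health_check(now=0)
    vpn.on_vpn_interception()
    return {"good": good.protected, "udp_blocked": udp_blocked.status,
            "forced_check": forced, "checks_run": flaky.checks_run,
            "next_check_at": flaky.next_check_at, "vpn_status": vpn.status}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Scenario 2 is the one worth watching in practice: a network that allows TCP/53 but drops UDP/53 (or the reverse) looks partially working to a user yet leaves the endpoint unprotected, so the status message, not query success, is the signal to monitor.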

Maximum Limits for DNS Queries and TCP Connections

This section outlines the maximum limits for concurrent DNS queries and TCP connections handled by Infoblox Endpoint to ensure proper functionality and response behavior.

Maximum Number of Concurrent DNS Queries

  • Infoblox Endpoint can process up to 1,000 concurrent DNS queries.

  • If the limit is exceeded, the client receives a DNS response with the response code SERVFAIL.

Maximum Number of TCP Connections

  • Infoblox Endpoint can sequentially handle multiple DNS queries over a single TCP connection.

    • This means queries are processed one at a time.

  • If a client sends multiple queries simultaneously, Infoblox Endpoint can establish more than one TCP connection.

  • The maximum number of TCP connections is tied to the maximum number of concurrent DNS queries: 1,000.