
Endpoint Health Check

Health Check Workflow

  1. When Infoblox Endpoint starts the proxy, it performs a health check for cloud reachability. After that, Infoblox Endpoint performs the health check periodically.
  2. For health checks, Infoblox Endpoint usually uses the domains ntp.ubuntu.com and pool.ntp.org.
  3. A health check runs two subtests against a domain: the TCP subtest and the UDP subtest. They run simultaneously.
  4. Every subtest makes two queries. If both queries fail, Infoblox Endpoint considers the system unhealthy. If either query is successful, Infoblox Endpoint does not send another.
  5. The interval between health checks for the proxy is one hour. However, if two client queries fail successively, Infoblox Endpoint does not wait for the interval to elapse and, instead, triggers the health check immediately.
  6. If the health check fails, Infoblox Endpoint stops serving the DNS queries, goes to an unprotected state, and sets the status message to “You are not being protected by Infoblox Endpoint because the Infoblox DNS Server cannot be reached.”
  7. If Infoblox Endpoint detects that a full VPN tunnel has intercepted any DNS query, it goes to an unprotected state and sets the status message to “You are not being protected by Infoblox Endpoint because some software (probably, a VPN client) intercepts DNS requests on this computer”.

This health check procedure tests for the availability of Infoblox Threat Defense resolvers. It does not test for the availability of local resolvers: that is, the resolvers intended for resolving internal domains. The following domains are used when performing a health check on Infoblox Endpoint: ntp.ubuntu.com, pool.ntp.org, and dig.ns
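
When an endpoint reports the unprotected state, it helps to reproduce the probe from the same host. The following Python sketch models steps 3 and 4 (simultaneous UDP and TCP subtests, at most two queries each, stopping at the first success). It is an added example, not Infoblox code. Assumptions: plain DNS on port 53, a resolver address supplied by the caller, "success" meaning any response that echoes the query ID, and hypothetical function names.

```python
import concurrent.futures as cf
import socket
import struct

def build_query(domain, qid):
    """Minimal DNS A/IN query with the RD flag set."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in domain.split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

# Assumption: the resolver answers plain DNS on port 53 over both transports.
def send_udp(resolver, packet, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (resolver, 53))
        return s.recvfrom(4096)[0]

def send_tcp(resolver, packet, timeout=2.0):
    # DNS over TCP prefixes each message with a 2-byte length (RFC 1035, 4.2.2).
    with socket.create_connection((resolver, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(packet)) + packet)
        return _recv_exact(s, struct.unpack("!H", _recv_exact(s, 2))[0])

def subtest(send, resolver, domain, attempts=2):
    """Up to two queries, stopping at the first success. Returns (ok, queries_sent)."""
    for n in range(1, attempts + 1):
        try:
            reply = send(resolver, build_query(domain, n))
            # Assumption: success = a response (QR bit set) echoing our query ID.
            if len(reply) >= 12 and reply[:2] == struct.pack("!H", n) and reply[2] & 0x80:
                return True, n
        except OSError:  # timeouts, refused connections, unreachable network
            pass
    return False, attempts

def health_check(resolver, domain, transports=None):
    """Run the udp and tcp subtests simultaneously; report each one separately."""
    transports = transports or {"udp": send_udp, "tcp": send_tcp}
    with cf.ThreadPoolExecutor(max_workers=len(transports)) as pool:
        jobs = {name: pool.submit(subtest, fn, resolver, domain) for name, fn in transports.items()}
        return {name: job.result() for name, job in jobs.items()}
```

Call `health_check(resolver_ip, "ntp.ubuntu.com")` with the resolver address used in your deployment. A result such as `{"udp": (True, 1), "tcp": (False, 2)}` shows which transport is being blocked on the path.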

Maximum number of concurrent DNS queries

Infoblox Endpoint can process up to 1000 concurrent DNS queries. If this limit is exceeded, the client will receive a DNS response with the response code SERVFAIL.

Maximum number of TCP connections

Infoblox Endpoint can serve multiple DNS queries through a single TCP connection sequentially: that is, by handling one DNS query at a time. However, if a client sends multiple queries simultaneously, Infoblox Endpoint can establish more than one connection. The maximum number of TCP connections is tied to the maximum allowed number of concurrent DNS queries: 1000.
