DNS

DNS is critical for all types of web applications because it allows us to use domain names—for instance www.citrix.com—instead of remembering IP addresses. It also lets SSL-based web applications work with certificates, since the trust underneath is built upon the hostname (FQDN) carried in the certificate. DNS is also crucial for GSLB, because GSLB is mainly a DNS-based load-balancing feature.

NetScaler can operate as its own authoritative DNS server, use another DNS server as its source, or act as a proxy between authoritative DNS servers and clients.

By default, when we add an external DNS server, the DNS communication between NetScaler and that server is sourced from the SNIP address closest to the DNS server. This means that if we have multiple SNIP addresses, NetScaler will pick the one nearest to the server in routing terms.

To add an external DNS server we can use the following command:

add dns nameserver <IP address> -type UDP

Note

The -type parameter accepts UDP, TCP, or UDP_TCP. Regular DNS traffic is UDP-based, but TCP is used for zone transfers, for instance, and for payloads larger than 512 bytes.

We also have the option of defining the name server as running locally. Note that this is not a fully functional DNS server: it will hand out any records it holds (even GSLB records) without checking with the GSLB services, and features such as zone transfers are not supported in this mode. It is, however, the only option that works with DNS recursion. Recursion is a feature that allows NetScaler to query other DNS servers on behalf of a querying client.

add dns nameserver <IP address> -local
set dns parameter -recursion ENABLED -cacheRecords YES

Note

Locally configured entries are synchronized to the other node in a high-availability pair.

When we add a DNS server to NetScaler, it is added to the NetScaler OS (packet engine) side, not to the underlying shell. Therefore we cannot use regular DNS tools such as dig, nslookup, and so on from the shell to verify whether the DNS server is active; those tools only resolve against the shell's own resolver, not against the name server configured in NetScaler. To verify connectivity we can instead use:

show dns addrec <FQDN>

This will do a DNS query to the DNS server to see if the A-record is available. We can use the command:

show dns nameserver

This shows whether the DNS server is available. Note that the status is verified with an ICMP-based monitor, so if ICMP is blocked to the DNS server the status will show as DOWN. Alternatively, we can set up NetScaler to use its own load-balanced DNS vServer. This provides high availability for DNS and removes the need for ICMP monitoring from the SNIP to the DNS servers; NetScaler then uses the built-in load-balancing monitor for DNS, which can issue a specific DNS query (this ensures that DNS is operational and responding, not just that the host is alive).

To set up a load-balanced DNS service we add the DNS servers as servers, add a DNS service for each, bind the services to the backend servers, and then create a load-balanced DNS vServer.

This can be done using the following command-line commands. First we add the different backend DNS servers:

add server SERVERNAME 192.168.0.1
add server SERVERNAME2 192.168.0.2

Then we create a DNS-based monitor, which runs a query against the backend DNS servers. In this example it queries for demo.local and the DNS servers must reply with the address 192.168.60.1; if they do not, they are marked as DOWN:

add lb monitor MONITORNAME DNS -query demo.local -queryType Address -LRTM DISABLED -IPAddress 192.168.60.1

Create the services that map to the backend servers:

add service SERVICENAME SERVERNAME DNS 53
add service SERVICENAME2 SERVERNAME2 DNS 53

Bind the monitor to the services we created:

bind service SERVICENAME -monitorName MONITORNAME
bind service SERVICENAME2 -monitorName MONITORNAME

Then we create the load-balanced DNS vServer:

add lb vserver DNSLBVSERVER DNS <IP address> 53

Bind the services to the lb vServer:

bind lb vserver DNSLBVSERVER SERVICENAME
bind lb vserver DNSLBVSERVER SERVICENAME2

If we want traffic to the backend DNS servers to come from a specific NetScaler IP address, we can use a net profile to pin it to a particular SNIP address:

add netprofile NAMEOFNETPROFILE -srcIP 192.168.60.20
set lb vserver DNSLBVSERVER -netprofile NAMEOFNETPROFILE

Note that the same backend DNS server cannot both be referenced directly as a name server and be bound as a service behind a DNS lb vServer. Once the load-balanced DNS vServer has been created, we can use it as the name server for NetScaler's own internal name resolution:

add dns nameserver DNSLBVSERVER -type UDP

As stated, we can also use NetScaler as an authoritative DNS server. This is what allows us to set up GSLB, which we go through later in this chapter. We add it as a service of type ADNS on NetScaler using the following command:

add service SERVICENAME 192.168.60.53 ADNS 53

We can check that the DNS server is working properly by adding an A record to it and then querying from a local client:

add dns addrec test.local 192.168.60.77

Then we run an nslookup from our client against the ADNS service IP:

nslookup test.local IPADDRESSOFDNS
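Because dig and nslookup cannot be run on the NetScaler shell to exercise the configured name servers, the checks above (the DNS lb monitor expecting a fixed answer for demo.local, and the nslookup against the ADNS service) have to be done from a client. The following is an added example, not code from the book or from NetScaler: a stdlib-only Python DNS A-query builder and parser that mirrors what the lb monitor checks (UP only when the expected address is in the answer), plus a UDP query with TCP fallback when the TC bit signals a response above the 512-byte UDP limit. The names demo.local, test.local and the addresses come from the page; SAMPLE_RESPONSE is a constructed message, not a real capture, and the query() function assumes a reachable server on port 53.

```python
"""Client-side DNS check mirroring a NetScaler DNS lb monitor (added example)."""
import random
import socket
import struct

def build_query(name, txn_id=None, rd=True):
    """Build a DNS query for an A record (QTYPE=1, QCLASS=IN)."""
    if txn_id is None:
        txn_id = random.randint(0, 0xFFFF)
    flags = 0x0100 if rd else 0x0000          # RD bit asks the server to recurse
    header = struct.pack("!HHHHHH", txn_id, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end

def parse_a_records(msg, expected_id=None):
    """Return rcode, TC flag and the A addresses from a DNS response."""
    txn_id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_id is not None and txn_id != expected_id:
        raise ValueError("transaction id mismatch")   # stale or spoofed reply
    off = 12
    for _ in range(qd):
        _, off = _read_name(msg, off)
        off += 4                                   # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"rcode": flags & 0x000F, "tc": bool(flags & 0x0200), "addresses": addrs}

def monitor_verdict(response, expected_ip, expected_id=None):
    """Same rule as the lb monitor: UP only if the expected A record is answered."""
    parsed = parse_a_records(response, expected_id)
    if parsed["rcode"] != 0:
        return "DOWN"
    return "UP" if expected_ip in parsed["addresses"] else "DOWN"

def query(server, name, tcp=False, timeout=2.0):
    """Send one query over UDP, or over TCP with its 2-byte length prefix."""
    txn_id = random.randint(0, 0xFFFF)
    q = build_query(name, txn_id)
    if tcp:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            (length,) = struct.unpack("!H", s.recv(2))
            data = b""
            while len(data) < length:
                data += s.recv(length - len(data))
            return txn_id, data
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
        return txn_id, data

def resolve_a(server, name):
    """UDP first; retry over TCP when the answer was truncated (TC bit set)."""
    txn_id, data = query(server, name)
    parsed = parse_a_records(data, txn_id)
    if parsed["tc"]:
        txn_id, data = query(server, name, tcp=True)
        parsed = parse_a_records(data, txn_id)
    return parsed

# Constructed sample response (not a capture): demo.local A 192.168.60.1,
# answer name compressed as a pointer to the question at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x04demo\x05local\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    + socket.inet_aton("192.168.60.1")
)

if __name__ == "__main__":
    print(monitor_verdict(SAMPLE_RESPONSE, "192.168.60.1", 0x1234))   # UP
    print(monitor_verdict(SAMPLE_RESPONSE, "192.168.60.2", 0x1234))   # DOWN
    # Against a live server: resolve_a("192.168.60.53", "test.local")
```

Running resolve_a against the ADNS service IP after adding the test.local record is the scripted equivalent of the nslookup above; running monitor_verdict against each backend with demo.local and 192.168.60.1 reproduces the monitor's UP/DOWN decision from outside the appliance, which is useful when a service is unexpectedly marked DOWN and you want to see the raw answer the server gives.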