
GSLB, ADNS and Forwarding requests



Hello.

 

I have followed this article https://support.citrix.com/article/CTX135580 in an attempt to forward the requests for specific domain names to another DNS server.

 

 If I understood right, I did what the article says: Create the SOA and NameServer Record pointing to the other DNS which owns the subdomain, then create the Zone as Proxy (or Option 2... do not create the zone object at all...)

 

But when using nslookup and setting to the ADNS server and then requesting the subdomain I receive that the record was not found, instead of providing the next DNS.

 

The article says "From the stage.example.com zone, if you want to delegate lb.stage.example.com to a second layer NetScaler or DNS server". Is this really valid, or does it just work between NetScalers?

 

I also know about enabling recursion, but ... "An ADNS service does not support recursion" (https://support.citrix.com/article/CTX118189?recommended) and for this to work I had to use a DNS -local, but then I cannot set up GSLB as it needs ADNS?

 

That's why I'm trying this maneuver...

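For the symptom in the question above (a lookup against the ADNS reports the record as not found instead of pointing to the next DNS server), this added example, which is not part of the original posts or of any Citrix article, classifies a non-recursive `dig` response as a referral or a negative answer. Both dig outputs are constructed for illustration, and `classify` is a hypothetical helper name.

```python
import re
# Constructed output for: dig +norecurse @<ADNS IP> www.lb.stage.example.com A
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.lb.stage.example.com. IN A

;; AUTHORITY SECTION:
lb.stage.example.com. 3600 IN NS ns1.lb.stage.example.com.
"""
NOT_FOUND = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
stage.example.com. 3600 IN SOA ns.stage.example.com. admin.stage.example.com. 1 3600 600 86400 3600
"""

def classify(dig_text, qname):
    """Return (kind, nameservers) for one dig response to a query for qname."""
    status = re.search(r"status: (\w+)", dig_text)
    flags = re.search(r";; flags: ([a-z ]*);", dig_text)
    if not status or not flags:
        return ("unparsed", [])
    records, section = {}, None
    for line in dig_text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            section = header.group(1).lower()
        elif not line.strip():
            section = None  # a blank line ends the current section
        elif section and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            records.setdefault(section, []).append((owner.lower(), rtype, rdata))
    if status.group(1) != "NOERROR":
        return (status.group(1).lower(), [])
    if records.get("answer"):
        return ("answer", [])
    q = qname.lower().rstrip(".") + "."
    ns = [rdata for owner, rtype, rdata in records.get("authority", [])
          if rtype == "NS" and (q == owner or q.endswith("." + owner))]
    # A referral is NOERROR, not authoritative (no aa flag), with NS records
    # for a zone at or above the queried name in the AUTHORITY section.
    if ns and "aa" not in flags.group(1).split():
        return ("referral", ns)
    return ("nodata", [])
```

A `referral` result means the server handed the query on to the delegated name servers; `nxdomain` with the `aa` flag means it answered authoritatively for the parent zone and did not delegate.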

Quote

The article says "From the stage.example.com zone, if you want to delegate lb.stage.example.com to a second layer NetScaler or DNS server". Is this really valid, or does it just work between NetScalers?

 

I believe if you wanted to configure an external DNS server to serve requests for a delegated zone (lb.stage.example.com) instead of a second NetScaler, you just take the equivalent actions (creating a delegated zone) described starting at Step #6 of the article you referenced above on the external DNS server.

 

If I understand you correctly, you don't want to use a second NetScaler in your GSLB setup and instead want to leverage an external (Microsoft or BIND DNS)?  Can you provide any more information regarding the problem you are facing that has you looking to do this (or provide clarification if I am not understanding your question properly)? 

 

This article has some good information (particularly the 'How does GSLB fit into this?' section) that might better help you figure out what is or isn't possible regarding your particular situation.

 

How DNS(Domain Name System) works with GSLB feature on NetScaler

https://support.citrix.com/article/CTX122619


Thanks for replying, Jim.

 

25 minutes ago, Jim Grimm1709160134 said:

I believe if you wanted to configure an external DNS server to serve requests for a delegated zone (lb.stage.example.com) instead of a second NetScaler, you just take the equivalent actions (creating a delegated zone) described starting at Step #6 of the article you referenced above on the external DNS server.

That's what I did and it's not working.

 

28 minutes ago, Jim Grimm1709160134 said:

If I understand you correctly, you don't want to use a second NetScaler in your GSLB setup and instead want to leverage an external (Microsoft or BIND DNS)?  Can you provide any more information regarding the problem you are facing that has you looking to do this (or provide clarification if I am not understanding your question properly)? 

Yes you understood correctly. I want to leverage an existing external BIND DNS.

 

The current topology is like:

External BIND DNS > Delegated Zones to ADNS

My worry is that when the external DNS delegates to two ADNS, for example, in the middle of the query the client will receive the list and choose one randomly, right?

Now imagine that one of the ADNS is down. The external DNS does not have the status of the ADNS behind it, so it will keep providing the "down" ADNS as well, and the client would randomly fail to resolve the query, maybe even needing to refresh the browser. After a new try, the external DNS provides the same list again, and you can see that this can become a loop of unavailability. (Or am I wrong in assuming this?)

 

Maybe if I have the NetScaler ADNS as the first to receive the request, the client would try one and, if it is down, try the next.

 

And then comes the other problem: with the NetScaler receiving the requests first, there are zones/domains that it would not own, so it would need to delegate the zone to the external DNS.

 

Hope that's more clear now :)


On 7/4/2019 at 4:20 PM, Felipe Albuquerque1709153149 said:

My worry is that when the external DNS delegates to two ADNS, for example, in the middle of the query the client will receive the list and choose one randomly, right?

Now imagine that one of the ADNS is down. The external DNS does not have the status of the ADNS behind it, so it will keep providing the "down" ADNS as well, and the client would randomly fail to resolve the query, maybe even needing to refresh the browser. After a new try, the external DNS provides the same list again, and you can see that this can become a loop of unavailability. (Or am I wrong in assuming this?)

I think I understand, but I don't believe it's possible to have a GSLB configuration without a NetScaler at both locations acting as ADNS servers for the domain(s) in question and being configured as members of a GSLB site.

 

Regarding your assumption about the unavailability loop, it sounds like you are describing Round-Robin DNS and leveraging GSLB on the NetScaler would alleviate that problem (when configured as described in the official documentation).

 

In an Active-Active GSLB configuration, this describes how DNS requests are handled:

https://docs.citrix.com/en-us/netscaler/11-1/gslb/gslb-deployment-types/active-active-site-deployment.html

Quote

When the client sends a DNS request, it lands in one of the active sites.

If Site 1 receives the client request, the GSLB virtual server in Site 1 selects a load balancing or content switching virtual server and sends the virtual server’s IP address to the DNS server, which sends it to the client. The client then resends the request to the new virtual server at the new IP address.

As both sites are active, the GSLB algorithm evaluates the services at both sites when making a selection as determined by the configured GSLB method.

 

For an Active-Passive deployment:

https://docs.citrix.com/en-us/netscaler/11-1/gslb/gslb-deployment-types/active-passive-site-deployment.html

Quote

If Site 1 goes DOWN, Site 2 becomes operational.

When the client sends a DNS request, the request can land in any of the sites.  However, the services are selected only from the active site (Site1) as long as it is UP.

Services from the passive site (Site 2) are selected only if the active site (Site 1) is DOWN.

 

Hopefully someone else will chime in with some thoughts on the subject.

 


Thanks for your time Jim.

 

I understand the topology of the GSLB, my question is regarding the DNS before reaching the ADNS.

What I called "unavailability loop" before.

 

Making it clearer:

Client Query > External DNS > Provided ADNS1 and ADNS2 > Client Tries ADNS1 which is down...

New Query > External DNS > Provided ADNS1 and ADNS2 > Client Tries ADNS1 again...

Loops... until it tries ADNS2

 

Do you think this "loop" happens when an ADNS in the list provided by the external DNS is down?

Or upon failing to reach ADNS1 the client will automatically try the ADNS2 without a new query to the external DNS?

 

39 minutes ago, Jim Grimm1709160134 said:

I don't believe it's possible to have a GSLB configuration without a NetScaler at both locations acting as ADNS servers

That's what I think too...

 

But then there is this https://support.citrix.com/article/CTX123792?recommended

Which has the GSLB DNS Proxy flow... which suggests that it may be possible to have a DNS -local and not ADNS working with GSLB, but I can't figure out what needs to be done.


Hi Felipe,

 

Normally, the external DNS servers will be providing the name server records, which are the ADNS in our case, in round robin, and the client actually tries the first Name Server Record IP address for the resolution, so if ADNS1 fails in the next query, ADNS2 will come on top and the client contacts ADNS2 for resolution.

 

It is recommended to have two NetScalers acting as ADNS, that is correct.

 

As for creating the GSLB with the use of DNS proxy, the following article can help you.

 

https://docs.citrix.com/en-us/netscaler/12/dns/configure-netscaler-proxy-server.html

 

 


Thanks @Check1 Check2

 

So as you say current topology:

External DNS > delegated zones domains > ADNS Servers

Is the correct topology to have, right?

 

About the "next query": is this done automatically, or, for example, will the client machine fail to open a published web app and the client have to refresh the page so that a new query is done?

 

As I see it, if the next query is not done automatically, we can fall into the "unavailability loop", or at least have half of the requests failing, when an ADNS is down.
