Jump to content
Welcome to our new Citrix community!

Netscaler DNS not resolving


Roy Smith

Recommended Posts

Hi

 

I am setting new Netscaler/ADC VPX cluster, that will be used for load balancing and content switching. I have added nameservers along with a domain suffix. However, from CLI, I cannot resolve host names. The state of the nameserver is up. I can successfully ping the nameserver IP address, so I have a route to the DNS server. At present there are no load balanced servers or content switching setup yet. 

 

When I try to ping the hostname, I get an error "Host name lookup failure". 

 

This cluster is being built in a secondary server room I have another VPX cluster in our other server room, that has been up for over 18 months and this works fine. I am pointing to the same DNS servers, so I know there is not a concern with the servers. 

 

Has anyone come across this? Can anyone help?

 

Thanks

Roy

Link to comment
Share on other sites

When you ping by default the ADC is using the NSIP to source traffic.

You can use the ping <name> -S <snip> to see if you have different results from a SNIP. (Or ping -I to force a specific interface)

 

You may be missing a route or acls may be blocking traffic.  Try running a nstrace if needed to see if the traffic is having an issue in transit.

And are you testing from the kernel or from shell?

Try removing the domain suffix and see if it works without it.

 

Are you pointing to the DNS servers directly or are you doing a DNS lb vserver/proxy config?

 

If you are on a cluster (and not an ha pair), are you sure all the networking and cluster participation are properly configured.  And do you mean cluster or HA pair?

 

 

 

 

Link to comment
Share on other sites

Hi Rhonda

I do not see any routing issue, as I am able to ping an IP address successfully. 

I am pointing directly to the DNS server. However, I did set up a DNS LBVS but this did not make any difference. I can successfully ping the IP of the DNS server and get replies, so routing seems fine. If I ping the IP address using the -S option. I get replies from all interfaces, i.e. cluster IP, , and NSIP and SNIP but if I try to ping a fqdn, I get "Host name lookup failure". 

Removing the suffix does not make any difference and I get the same results in the shell and kernel.


This is a cluster and not an HA pair. I have 4 interfaces on each VM, and I added them 1 at a time to check they are in the right order, as this has caught me out before. 

I have another cluster in our primary server room and both clusters are on 12.1.49.37. They both point to the same DNS, which is also used by other servers and users, so I know there is no issue with the DNS server. 

 

As this cluster has just been created and does not have any services running yet, I may just re-create the VMs from scratch and check DNS is working on each member before creating the cluster, just to rule it out. 

 

Link to comment
Share on other sites

Ok, so I rebuilt the 2 VMs and set a basic config with a single interface. Initial test confirmed that dns lookups worked, as I could ping both and IP address and hostname. I then added the other interfaces to the VMs but did not configure them. I then did my ping test and it worked on 1 VM but not the other one, which seemed strange. After reboots, I notice that I could intermittently ping a hostname, i.e. from 1 VM the name got resolved but the other one it would not. Then after various reboots, this behaviour swaps, i.e. the VM that could ping could not and the other one could. At times neither VM can do a name lookup and other times both VMs can do a lookup. It is almost as if a service is not starting up on the VMs but not sure what there is for DNS.

 

This is certainly strange, as I kept the netscaler config as simple as possible, i.e. 1 NSIP & 1 SNIP only, both on the same subnet and a default route only. 

 

Now, these are running on ESX 5.5, which I know is out of support but for us not an issue at present, as this is for DR. The plan is to upgrade or replace the ESX servers later this year, when but thought we could get ahead by starting to create the required VMs. I now suspect ESX as the culprit here, but I'm still not sure. Although DNS lookups fail intermittently, network connectivity is never a problem. I can always ping an IP address with no packet loss. So, at present, I'm at a loss to understand what, if anything, ESX has to do with netscaler VPX VMs failing to do a host name lookup.

 

I would just like to understand what is going on here, so if anyone has an ideas, it would be much appreciated. 

 

Thanks

Roy

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...