Jump to content
Welcome to our new Citrix community!

Active passive GSLB - name resolution not failing over to passive site

Jay Stevens

Recommended Posts

in active passive GSLB configuration (active = PROD datacenter, passive = DR AWS) name resolution works fine when active site services are up.  This indicates GSLB name resolution.   It doesn't failover to passive site's LB virtual server IP by either disabling active NS LB virtual server associated with the GSLB service or by taking the LB virtual server down.  The GSLB domain still resolves to active LB virtual server no matter of services status of the active site.  Disrupting MEP communication between would most likely trigger failover but need to test GSLB selectively. 

Running host command:  host <domain_name> <ADNS service IP> always resolves to active IP when running it on active NetScaler, even when querying the passive site's ADNS service.  Host command on passive NetScaler pair always fails with "connection timed out; no servers could be reached"

We are running NS firmware 12.1. 


Any pointers here will be highly appreciated.


Link to comment
Share on other sites

  • 1 month later...

Before we go any further, how sure are you that the DNS is actually getting delegated to the Netscaler? Go to http://www.simpledns.com/lookup-dg.aspx to test it out! It could be as simple as the DNS is giving a static result, and not delegating the DNS!



So, the idea is that when a DNS request comes in (to either box) then that box goes and asks it's GSLB Vserver to decide which IP to respond with. 


In your case, you will have TWO GSLB vservers, the primary (which is bound to the FQDN) and the backup, which is pointed to as the "backup vserver" for the primary.


You'll have 2 GSLB service, one bound to each GSLB VS. Each service points to a "server" which tells the GSLB service which LBVS (or whatever) it is supposed to be looking at.


When that primary GSLB VS needs to respond with an IP, it will respond with the primary-bound GSLB service's IP (if it is up), otherwise it will respond with the IP from the secondary  bound GSLB service.


When you take the primary site's LBVS offline, then both site's associated GSL service should show as down too.


(If you have NAT on the incoming IPs, then you need to make sure that the "public ip" in the GSLB service is set right).


So, let's test this site by site: set up your PC to DNS requests to the primary netscaler: with the primary GSLB service up, you should get the primary IP. If you disable the primary GSLB service, then you should get the secondary IP.  Now do the same on the secondary site. this tests the operation of the GSLB, and the Netscaler DNS.




Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...