
Refresh IP for domain-name based LB services



Hello,

We are load balancing different web services via NetScaler. Usually I create new LB services simply by providing the IP address, but since several servers will soon be migrated to another subnet I rebuilt the services by using the domain name instead. However, after a test service was migrated it took the NetScaler about 3 hours to recognize that the server/service IP address had changed. During that period the service was marked as "down", which is plausible. I use a simple HTTP-ECV monitor which sends an HTTP GET to a certain URL while using a secure connection.

 

When I resolve the domain name manually within the NetScaler server configuration the IP changes immediately to the new one and the service status changes back to "up"... as expected.

 

The NetScaler has two name servers configured but I don't know how to reduce the refresh time or TTL for domain-name based load balancing services. The DNS parameters are set to default.

 

Any hint will be appreciated.

 

Thanks,

Marcus


Hi, I don't know how the NetScaler manages DNS, but you can check on your domain DNS server to change the TTL to a small amount (5 min) at least a few hours before the change, so that the clients that request this specific DNS record know that it's valid only for 5 min. I think by default Windows DNS servers have a TTL of 1 hour unless it has been modified manually. To change it, just edit the DNS record and change the value in the bottom line to 0:0:5:0; this will give the DNS record a TTL of 5 min. Hopefully this will help.


The NS does cache DNS requests. It sounds like it had the cached (original) value for the service and when you updated, the DNS cache wasn't cleared so it would fetch a new value before the TTL expired.

flush dns proxycache

Also in the GUI under Traffic Management > DNS or DNS > Records (right pane); can't remember which node.

You can see cached records in DNS > Records > Address Records (or other record type).

 

So in addition to changing the TTL you can explicitly flush the DNS cache on the NS when making explicit IP changes in DNS.

 


Hi Rhonda,

 

Thank you. TM > DNS > Address Records shows only the default root nameservers. After I manually resolve an FQDN within the NetScaler CLI the record is successfully added and shown via 'show dns addrec -type all' with a TTL of 1200 seconds. So caching works as designed.

 

But what I'm trying to achieve is to reduce the DNS caching TTL after a domain-name LB service has switched its IP, so I don't have to flush DNS manually. I have about 200 LB services which are being migrated to different subnets at different times. Ideally I would configure all services via domain name once and not have to worry about IP changes anymore. My only problem is still that the NetScaler takes about 2-3 hours until it refreshes the LB service's IP without me refreshing manually. I also asked our domain team as Dany suggested: the TTL for this zone is set to one hour.

 

Thanks,

Marcus


I wanted you to first realize that the problem was probably related to the NS caching the results. You can possibly stop the NS from caching DNS results, but this would stop it for all DNS requests: https://support.citrix.com/article/CTX221675

 

Or adjust the TTL on the cached DNS records on the NS to refresh more quickly, possibly by changing the global DNS parameters for max TTL: https://developer-docs.citrix.com/projects/netscaler-command-reference/en/12.0/dns/dns-parameter/dns-parameter/

The trick is to think about what other things might be relying on the NS DNS behavior to understand impacts (like GSLB).

 

Also, which monitor do you have bound to your service?

 

There may be some other ways to manage this; but these are the settings I know about.
