Transparent DNS query intercept


GSLB ServerIron ADX performs GSLB on client queries for IPv4 address records (A records). In GSLB topologies, when the client query comes in for any of the other record types, the GSLB ServerIron forwards the query to the backend DNS server and sends the DNS response unaltered to the client.

DNS supports a special query type called "ANY". If the client sends a DNS query with type ANY, the DNS response contains all the records configured for that domain. For example, if two A records and two MX records are configured for www.mycompanynet.com and the client sends a type ANY query for www.mycompanynet.com, then the DNS response contains all four records: two A records and two MX records.

GSLB ServerIron ADX is able to handle DNS type ANY queries. If the client sends a DNS query with type ANY, GSLB ServerIron ADX identifies it as a supported query type and performs GSLB on the A records contained in the response.

In modes such as DNS proxy, when the client sends a query with DNS type ANY, GSLB ServerIron ADX receives the DNS server response containing all the DNS records configured for the domain. In addition to type A queries, GSLB ServerIron ADX also identifies type ANY as a supported query type. It parses the DNS response to find all the A records contained within the response, applies the GSLB policy to this response, reorders the A records so that the best A record is at the top, and sends the response to the querying client. Note that records other than A records (such as MX records) contained within the response are not changed by the GSLB ServerIron ADX.
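The reordering described above, sketched as an added example (not Brocade code and not taken from the guide): it parses a constructed type ANY response, moves the best A record into the first A slot, and leaves the MX records byte-for-byte unchanged. The `score` map (lower is better) is a hypothetical stand-in for the GSLB policy, and the sketch assumes every A record in the answer belongs to the queried name.

```python
import socket
import struct
TYPE_A, TYPE_MX, TYPE_ANY = 1, 15, 255

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def skip_name(msg, off):  # returns the offset just past a possibly compressed name
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label is 1

def parse_answers(msg):
    """Return [(rtype, ttl_offset, rdata_offset, rdlen)] for the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    out = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        out.append((rtype, off + 4, off + 10, rdlen))
        off += 10 + rdlen
    return out

def reorder_a_records(msg, score):
    """Rewrite TTL+RDATA of the A slots so the lowest score comes first.
    Message length never changes, so compression pointers stay valid."""
    buf = bytearray(msg)
    slots = [(t, r) for rtype, t, r, n in parse_answers(msg) if rtype == TYPE_A and n == 4]
    recs = [(msg[t:t + 4], msg[r:r + 4]) for t, r in slots]
    recs.sort(key=lambda rec: score.get(socket.inet_ntoa(rec[1]), float("inf")))
    for (t, r), (ttl, rdata) in zip(slots, recs):
        buf[t:t + 4], buf[r:r + 4] = ttl, rdata
    return bytes(buf)

def a_addresses(msg):
    return [socket.inet_ntoa(msg[r:r + 4]) for rt, _t, r, n in parse_answers(msg) if rt == TYPE_A and n == 4]

def build_sample():  # constructed type ANY response: two MX and two A records
    def rr(rtype, rdata, ttl=300):   # owner name is a pointer to offset 12
        return b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 4, 0, 0)
    msg += encode_name("www.mycompanynet.com") + struct.pack("!HH", TYPE_ANY, 1)
    msg += rr(TYPE_MX, struct.pack("!H", 10) + encode_name("mail1.mycompanynet.com"))
    msg += rr(TYPE_A, socket.inet_aton("192.0.2.10"))
    msg += rr(TYPE_MX, struct.pack("!H", 20) + encode_name("mail2.mycompanynet.com"))
    msg += rr(TYPE_A, socket.inet_aton("198.51.100.20"), ttl=60)
    return msg
```

Each A record's TTL travels with its address, so a record with a short TTL keeps that TTL after it is moved.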

In modes such as DNS cache proxy with DNS override, the GSLB ServerIron ADX does not have a backend DNS server and generates the DNS response itself. If the client sends a query of type ANY, GSLB ServerIron ADX identifies this as a supported query type and applies the GSLB policy to the IP addresses for the domain. It sends a response to the client with the selected A record for the domain.

This feature is enabled by default.

Transparent DNS query intercept

Transparent DNS query intercept allows a ServerIron ADX to transparently intercept certain DNS queries to the authoritative DNS server and redirect them to alternate DNS servers or handle them directly. This feature lets the authoritative DNS server IP remain unchanged. You do not need to change the DNS server IP address as you do in standard GSLB configurations.

This feature is useful when you want to redirect clients for certain domains to proxy web servers, but you do not want to configure the proxy addresses on the DNS server itself or otherwise change the configuration of the DNS server.

NOTE

The ServerIron ADX must be in the direct data path from all potential clients to the authoritative DNS server. Otherwise, it is possible for the DNS server to receive the queries directly instead of the ServerIron ADX.

You can configure the following types of transparent DNS query intercept:

Redirect the client queries to a proxy DNS server and perform GSLB on the response. The ServerIron ADX redirects the client request for the zones configured on the ServerIron ADX to the alternate DNS server, applies the GSLB policy on the response and gives the best address(es) to the client.

ServerIron ADX Global Server Load Balancing Guide


53-1002437-01

 

Brocade Communications Systems 12.4.00 manual Transparent DNS query intercept