98 ServerIron ADX Global Server Load Balancing Guide
53-1002437-01
Transparent DNS query intercept
Use the following CLI method to configure this feature.
To configure the ServerIron ADX to redirect queries to an alternative DNS server, enter commands
such as the following:
ServerIronADX(config)# server source-ip 209.157.23.100 255.255.255.0 0.0.0.0
ServerIronADX(config)# server remote-name dns-redirect 209.200.22.100
ServerIronADX(config-rs-dns-redirect)# source-nat
ServerIronADX(config-rs-dns-redirect)# port dns
ServerIronADX(config-rs-dns-redirect)# exit
ServerIronADX(config)# server virtual-name-or-ip dns-intercept 209.157.23.130 intercept
ServerIronADX(config-vs-dns-intercept)# port dns
ServerIronADX(config-vs-dns-intercept)# bind dns dns-redirect dns
ServerIronADX(config-vs-dns-intercept)# exit
ServerIronADX(config)# gslb dns zone brocade.com
ServerIronADX(config-gslb-dns-brocade.com)# host-info www http
ServerIronADX(config-gslb-dns-brocade.com)# exit
Syntax: [no] server source-ip <ip-addr> <ip-mask> <default-gateway>
NOTE
The gateway parameter is required. If you do not want to specify a gateway, enter “0.0.0.0”.
This command adds a source IP address. The ServerIron ADX uses the source IP address in
packets that it sends to the alternative DNS server (the “real server”). Add an address that is in the
same subnet as the ServerIron ADX’s management IP address. Unless you both add a source IP
address and enable source NAT, the ServerIron ADX leaves the client’s IP address in the source
address field of the redirected IP packets and, as a result, may not receive the alternative DNS
server’s responses. The ServerIron ADX needs to receive the responses so that it can change their
source IP address to the address of the authoritative DNS server. When the client receives
the response, it then appears to come from the authoritative DNS server, and the redirection is
transparent to the client.
Syntax: [no] server remote-name <name> <ip-addr>
This command adds the alternative DNS server (the one to which you want to redirect queries). You
can enter this command multiple times for multiple alternative DNS servers.
NOTE
You can configure the alternative DNS server as a real server if it is in the same subnet as the
ServerIron ADX.
Syntax: [no] source-nat
This command enables source NAT. Source NAT allows the ServerIron ADX to change the source IP
address in the client request to one of the source addresses configured on the ServerIron ADX. You
must configure a source IP address and enable source NAT. You can enable source NAT globally or
on individual real servers (as in the example above).
Syntax: [no] port dns
This command enables the DNS port on the real server. You must use this command so that the
ServerIron ADX knows you want to redirect DNS traffic to the real server (the alternative DNS
server).
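The following check is an added example, not part of the Brocade guide. It reads a saved configuration and reports any prerequisite described above that is missing for an intercept virtual server: a source IP address, a bound redirect server, "port dns" on that server, and source NAT. The function names, the indented running-config layout, and "server source-nat" as the global form of source NAT are assumptions; the sample configuration is constructed from the commands shown earlier.

```python
import re

# Constructed sample in an assumed running-config layout (sub-commands indented).
GOOD = """\
server source-ip 209.157.23.100 255.255.255.0 0.0.0.0
server remote-name dns-redirect 209.200.22.100
 source-nat
 port dns
server virtual-name-or-ip dns-intercept 209.157.23.130 intercept
 port dns
 bind dns dns-redirect dns
"""

def parse_blocks(text):
    """Group indented sub-commands under their top-level command."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(line)
        else:
            blocks.append((line, []))
    return blocks

def check_dns_intercept(text):
    """Return a list of missing prerequisites; an empty list means none found."""
    blocks = parse_blocks(text)
    findings = []
    if not any(re.match(r"server source-ip \S+ \S+ \S+$", h) for h, _ in blocks):
        findings.append("no 'server source-ip' configured")
    # Assumption: global source NAT appears as a top-level 'server source-nat'.
    global_nat = any(h == "server source-nat" for h, _ in blocks)
    remotes = {h.split()[2]: s for h, s in blocks if h.startswith("server remote-name ")}
    for head, sub in blocks:
        if not re.match(r"server virtual-name-or-ip \S+ \S+ intercept$", head):
            continue
        bound = [s.split()[2] for s in sub if re.match(r"bind dns \S+ dns$", s)]
        if not bound:
            findings.append(f"{head.split()[2]}: no 'bind dns' to a redirect server")
        for name in bound:
            rs = remotes.get(name)
            if rs is None:
                findings.append(f"{head.split()[2]}: bound server '{name}' is not defined")
            if rs is not None and "port dns" not in rs:
                findings.append(f"{name}: 'port dns' missing")
            if rs is not None and "source-nat" not in rs and not global_nat:
                findings.append(f"{name}: source NAT not enabled")
    return findings
```

An empty list from check_dns_intercept(GOOD) means every prerequisite named above was found in the sample.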
Syntax: [no] server virtual-name-or-ip <name> <ip-addr> intercept