1 Transparent DNS query intercept

Use the following CLI method to configure this feature.

To configure the ServerIron ADX to redirect queries to an alternative DNS server, enter commands such as the following:

ServerIronADX(config)# source-ip 209.157.23.100 255.255.255.0 0.0.0.0
ServerIronADX(config)# server remote-name dns-redirect 209.200.22.100
ServerIronADX(config-rs-dns-redirect)# source-nat
ServerIronADX(config-rs-dns-redirect)# port dns
ServerIronADX(config-rs-dns-redirect)# exit
ServerIronADX(config)# server virtual-name-or-ip dns-intercept 209.157.23.130 intercept
ServerIronADX(config-vs-dns-intercept)# port dns
ServerIronADX(config-vs-dns-intercept)# bind dns dns-redirect dns
ServerIronADX(config-vs-dns-intercept)# exit
ServerIronADX(config)# gslb dns zone brocade.com
ServerIronADX(config-gslb-dns-brocade.com)# host-info www http
ServerIronADX(config-gslb-dns-brocade.com)# exit

Syntax: [no] server source-ip <ip-addr> <ip-mask> <default-gateway>

NOTE

The gateway parameter is required. If you do not want to specify a gateway, enter “0.0.0.0”.

This command adds a source IP address. The ServerIron ADX uses the source IP address in packets that it sends to the alternative DNS server (the “real server”). Add an address that is in the same subnet as the ServerIron ADX’s management IP address. If you enable source NAT without adding a source IP address, the ServerIron ADX leaves the client’s IP address in the source address field of the redirected IP packets and as a result may not receive the alternative DNS server’s responses. The ServerIron ADX needs to receive the responses so it can rewrite the source IP address to match the address of the authoritative DNS server; when the client receives the response, it therefore appears to come from the authoritative DNS server, and the redirection is transparent to the client.

Syntax: [no] server remote-name <name> <ip-addr>

This command adds the alternative DNS server (the one to which you want to redirect queries). You can enter this command multiple times for multiple alternative DNS servers.

NOTE

You can configure the alternate DNS server as a real server if it is in the same subnet as the ServerIron ADX.

Syntax: [no] source-nat

This command enables source NAT. Source NAT allows the ServerIron ADX to change the source IP address in the client request to one of the source addresses configured on the ServerIron ADX. You must configure a source IP address and enable source NAT. You can enable source NAT globally or on individual real servers (as in the example above).

Syntax: [no] port dns

This command enables the DNS port on the real server. You must use this command so that the ServerIron ADX knows you want to redirect DNS traffic to the real server (the alternative DNS server).

Syntax: [no] server virtual-name-or-ip <name> <ip-addr> intercept
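The following model walks one query and its reply through the intercept configured above, so the effect of each command (the intercept virtual server, the remote-name real server, source-nat and the source-ip) can be seen on the packet addresses. It is an added illustration, not Brocade code, and the packet dictionaries, the client address 198.51.100.7, the answer 203.0.113.10 and the function names are constructed for the example; the ADX addresses are the ones from the configuration above. It also checks the two caveats the text gives: source NAT must be enabled, and enabling it without a source IP lets the alternative server's reply bypass the ADX and reach the client from the wrong source address.

```python
"""Model of the transparent DNS intercept configured above (added example)."""
from dataclasses import dataclass, field
from typing import Optional

DNS_PORT = 53


@dataclass
class InterceptConfig:
    intercept_vip: str               # server virtual-name-or-ip <name> <ip> intercept
    redirect_server: str             # server remote-name <name> <ip>
    source_nat: bool = True          # source-nat under the real server
    source_ip: Optional[str] = None  # server source-ip <ip> <mask> <gw>; None = not configured


def validate(cfg: InterceptConfig) -> list:
    """Flag the two misconfigurations the guide warns about."""
    problems = []
    if not cfg.source_nat:
        problems.append("source-nat is not enabled on the real server")
    if cfg.source_nat and cfg.source_ip is None:
        problems.append("source-nat enabled without a source-ip: redirected queries "
                        "keep the client's address and replies may bypass the ADX")
    return problems


@dataclass
class Intercept:
    cfg: InterceptConfig
    # (address the reply is sent to, client port, DNS txid) -> (client ip, intercepted dst)
    sessions: dict = field(default_factory=dict)

    def redirect_query(self, pkt: dict) -> Optional[dict]:
        """Client -> ADX. Return the query as forwarded to the alternative server,
        or None when the packet is not DNS traffic addressed to the intercept VIP."""
        if pkt["dst"] != self.cfg.intercept_vip or pkt["dport"] != DNS_PORT:
            return None
        out = dict(pkt, dst=self.cfg.redirect_server)
        if self.cfg.source_nat and self.cfg.source_ip is not None:
            out["src"] = self.cfg.source_ip  # source NAT: replies come back to the ADX
        # Remember where the reply must go and which address it must appear to come from.
        self.sessions[(out["src"], out["sport"], out["txid"])] = (pkt["src"], pkt["dst"])
        return out

    def handle_response(self, pkt: dict) -> Optional[dict]:
        """Alternative server -> ADX. Return the reply as delivered to the client, or
        None if the reply is not addressed to the ADX at all (no source NAT address),
        in which case it bypasses the intercept and reaches the client unmodified."""
        if pkt["dst"] != self.cfg.source_ip:
            return None
        key = (pkt["dst"], pkt["dport"], pkt["txid"])
        if key not in self.sessions:
            return None
        client_ip, authoritative = self.sessions.pop(key)
        # The client sees the reply as coming from the authoritative server it queried.
        return dict(pkt, src=authoritative, dst=client_ip)


def run_exchange(cfg: InterceptConfig) -> Optional[dict]:
    """Drive one query/reply pair through the model; return what the client receives."""
    adx = Intercept(cfg)
    query = {"src": "198.51.100.7", "sport": 40000, "dst": cfg.intercept_vip,   # constructed
             "dport": DNS_PORT, "txid": 0x1A2B, "qname": "www.brocade.com"}
    fwd = adx.redirect_query(query)
    if fwd is None:
        return None
    # The alternative DNS server answers whatever source address the query carried.
    reply = {"src": fwd["dst"], "sport": DNS_PORT, "dst": fwd["src"],
             "dport": fwd["sport"], "txid": fwd["txid"], "answer": "203.0.113.10"}
    delivered = adx.handle_response(reply)
    if delivered is not None:
        return delivered
    return reply  # not addressed to the ADX: the client gets the server's reply directly


if __name__ == "__main__":
    good = InterceptConfig("209.157.23.130", "209.200.22.100", True, "209.157.23.100")
    print(validate(good), run_exchange(good))
    bad = InterceptConfig("209.157.23.130", "209.200.22.100", True, None)
    print(validate(bad), run_exchange(bad))
```

With the complete configuration the client receives the reply from 209.157.23.130, the address it queried; with source NAT but no source-ip, the reply carries the alternative server's address 209.200.22.100 instead, which is the non-transparent behaviour the note above describes.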

98

ServerIron ADX Global Server Load Balancing Guide


53-1002437-01
