Transparent DNS query intercept
This command configures a virtual server that has the DNS server’s actual IP address. When the ServerIron ADX receives a DNS query addressed to the DNS server IP address, the ServerIron ADX intercepts the packet instead of forwarding it to the DNS server. The intercept parameter is required and indicates that you want to use the virtual server for intercepting DNS queries. This parameter also instructs the ServerIron ADX to ignore ARP requests and pings to the address. The ServerIron ADX needs to ignore ARPs and pings to the address because the address still belongs to the authoritative DNS server. Without the intercept parameter, the ServerIron ADX will respond to ARPs and pings to the virtual server’s IP address.
Syntax: [no] bind dns <real-server-name> dns
This command binds the real server (the alternative DNS server) to the virtual server (the intercepted authoritative DNS server). This command creates an entry in the ServerIron ADX’s port binding table that allows the ServerIron ADX to redirect DNS traffic sent to the authoritative DNS server to the alternative DNS server.
Syntax: [no] gslb dns zone-name <name>
This command specifies the zone for which you want to intercept queries. The ServerIron ADX intercepts and redirects DNS queries only for the zones you specify, and forwards all other client queries to the authoritative DNS server.
Syntax: [no]
This command specifies the host application on the zone you specified above.
Syntax: ip policy <index> cache udp dns global
This command enables the ServerIron ADX to examine incoming DNS packets. This command is required.
Redirecting queries and performing GSLB
To configure transparent DNS query intercept to redirect queries to a proxy DNS server and perform GSLB on the response, do the following:
• Configure a real server with the IP address of the proxy DNS server.
• Configure a virtual server with the IP address of the authoritative DNS server, which you want to intercept.
• Specify the domain and host application for which you want to intercept queries.
• Configure an IP policy to enable the ServerIron ADX to examine incoming DNS packets.
• Enable port dns proxy on the real server corresponding to the proxy server.
NOTE
A ServerIron ADX intercepts queries only for domain names configured on the ServerIron ADX. For domain names that are not configured on a ServerIron ADX, the ServerIron ADX still sends queries to the authoritative DNS server.
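The selection rule in the note above can be modelled offline to predict which client queries a given zone and host configuration would redirect. This is an added Python example, not code or output from the guide or from the ServerIron ADX; the zone and host values are constructed, and matching on the exact name host.zone and treating unparseable packets as non-matching are assumptions of the model.

```python
import struct

# Constructed configuration (hypothetical values): zone -> hosts configured on it.
INTERCEPT = {"example.com": {"www", "ftp"}}

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query in RFC 1035 wire format (test input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(msg):
    """Return the lower-cased QNAME of the first question, or None if malformed."""
    if len(msg) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:   # QR bit set (a response) or no question
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # pointer/invalid length, or truncated label
            return None
        labels.append(msg[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    if pos + 4 > len(msg):              # QTYPE and QCLASS must follow the name
        return None
    return ".".join(labels)

def decide(msg, config=INTERCEPT):
    """Return 'intercept' if QNAME is host.zone for a configured pair, else 'forward'."""
    qname = parse_qname(msg)
    if qname is None:
        return "forward"                # model assumption: no match, not redirected
    for zone, hosts in config.items():
        suffix = "." + zone.lower()
        if qname.endswith(suffix) and qname[:-len(suffix)] in {h.lower() for h in hosts}:
            return "intercept"
    return "forward"

if __name__ == "__main__":
    for name in ("www.example.com", "WWW.Example.COM.", "mail.example.com", "www.example.org"):
        print(f"{name:20} -> {decide(build_query(name))}")
```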
To configure the ServerIron ADX to redirect queries to another DNS server and apply GSLB on the response, enter commands such as the following:
ServerIronADX(config)#
ServerIron ADX Global Server Load Balancing Guide