Manuals / Brocade Communications Systems / TV and Video / Home Theater Server

Brocade Communications Systems 12.4.00 Displaying Dnssec configuration, Syntax show gslb dns zone

Models: 12.4.00

1 267

Download 267 pages 21.85 Kb

Page 128

1 DNSSEC

Configuring load balancing of plain DNS request across all servers

If zones and real servers are configured for DNSSEC, then non-dnssec servers are used for requests on non-dnssec zones. To load-balance non-dnssec (plain DNS) requests across all servers, use one of the following commands.-

ServerIron(config)# server virtual dns_vip 209.157.23.46 ServerIron(config-vs-dns_vip)# port dns ServerIron(config-vs-dns_vip)# port dns use-dnssec-servers-for-dns-queries

Syntax: [no] port dns use-dnssec-servers-for-dns-queries

ServerIron(config)# server use-dnssec-servers-for-dns-queries

Syntax: [no] server use-dnssec-servers-for-dns-queries

Displaying DNSSEC configuration

You can use the show glsb zone command to determine if a GSLB zone has be configured as dnssec-capable or dnssec-only. In the following example, the GSLB zone “secure.mydnssec.com” is configured as “DNSSEC-ONLY”

ServerIronADX(config)#		show gslb dns zone
ZONE: secure.mydnssec.com
HOST: null-host:
(Global GSLB policy)
GSLB affinity group: global
DNSSEC-ONLY					Flashback		DNS resp.
					Flashback		DNS resp.
					delay		selection
					(x100us)		counters
*	192.168.1.101: dns	real-ip DOWN		N-AM	TCP	APP	Count (%)
*	192.168.1.101: dns	real-ip DOWN		N-AM	--	--	---
*	192.168.1.102: dns	real-ip DOWN		N-AM	--	--	---
*	192.168.13.100: dns	v-ip	ACTIVE	N-AM	0	0	---
*	192.168.1.100: dns	real-ip DOWN		N-AM	--	--	---

Syntax: show gslb dns zone

Displaying DNSSEC statistics

When DNSSEC is enabled (by either real server or zone), DNSSEC statistics are displayed as shown in the following:

116	ServerIron ADX Global Server Load Balancing Guide
	53-1002437-01

Image 128

Brocade Communications Systems 12.4.00 manual Displaying Dnssec configuration, Displaying Dnssec statistics

Contents

ServerIron ADX Brocade Communications Systems, Incorporated Contents ServerIron ADX Global Server Load Balancing Guide Page Gslb for IPv6 example Gslb for IPv6 feature supportGlobal server load balancing for IPv6 overview IPv4 IPv6Page Audience Supported hardware and softwareDocument conventions Text formattingBold text Getting technical help or reporting errors Web accessMail and telephone access Related publicationsPage Global Server Load Balancing Global Server Load Balancing overviewBasic concepts Global Server Load Balancing overview Global Server Load Balancing configuration Gslb exampleDNS Gslb policy Weighted IP metric Server healthActive bindings metric Weighted site metricSite ServerIron ADX’s session capacity threshold Geographic location of the server Site ServerIron ADX’s FlashBack speed Site ServerIron ADX’s connection loadSite ServerIron ADX’s available session capacity tolerance Round robin selection Site ServerIron ADX’s administrative preferenceLeast response selection 128 Minimum required configuration Basic controller and site communicationSyntax show gslb policy Configuring Gslb Configuring GslbPage Proxy for DNS server Proxy for DNS serverAdding a source IP address Syntax no server source-ipip-addr ip-mask default-gateway Syntax no gslb protocol Configuring a siteEnabling the Gslb protocol Specifying site locations Syntax no gslb site nameSyntax no gslb dns zone-name name Configuring a zoneSpecifying Gslb controller locations Applying Gslb to Cname records Syntax no dns cname-detectConfiguring Http health check parameters Cname status is shown in bold typeConfiguring DNS domain name aliases Syntax host-info host-namealias alias-name Configuring null host namesConfiguration example Private VIPs for Gslb Syntax dns overrideConfiguring a public IP address for a VIP Private VIPs for GslbShow gslb dns detail the following is an example Private VIP display informationDisplaying Gslb IP information Configuring Gslb protocol parameters Changing the protocol port numberSyntax show server virtual-name-or-ip Syntax show gslb siteChanging the Gslb protocol update period Modifying Gslb parameters related to DNS responsesSyntax no protocol status-interval num You can modify the following DNS-related Gslb parametersRemoving IP addresses for sites that fail a health check Syntax no dns best-onlyChanging the query interval Syntax no dns check-interval numChanging the TTL for DNS records Syntax no dns ttl numSyntax no dns ttl Enabling DNS override Syntax no dns overrideChanging the Gslb policy metrics Configuring Gslb protocol parameters Gslb policy metrics Metric Default Configuration optionsConnection load Changing the order of Gslb policy metrics Syntax no metric-order set listSyntax metric-order default Disabling or re-enabling individual Gslb policy metricsClearing DNS selection counters Syntax clear gslb dns zone-name nameImplementing the weighted IP metric DNS response processingConfiguring weighted IP metrics Syntax no weighted-ip Syntax no gslb dns zone nameSyntax host-info www ip-weight IP address weight For name, enter up to 32 charactersImplementing the weighted site metric Syntax show gslb dns zoneSan Jose 50% New York 30% London 20% Total 100 100% Traffic distribution specifications Configuring weighted site metricsSyntax no weighted-site Syntax gslb site site name Syntax weight weightFirst example shows the first two sites Syntax show gslb traffic siteImplementing the active bindings metric Site ThreeEnabling active bindings Configuring weighted active bindings Gslb active bindings enhancementsConfiguring connection load parameters Specifying the site connection limitSyntax no connection-load limit average-load Changing the sampling intervals and sample rateChanging the sample interval weight Syntax no connection-load weights weight1 weight2...weight8Changing the FlashBack tolerance values Syntax no capacity threshold numSyntax no num-session tolerance num Syntax no flashback application tcp tolerance numModifying round-trip time values Changing the RTT cache intervalSyntax no round-trip-time cache-interval num Changing the RTT cache prefixSyntax no round-trip-time cache-prefix num Changing the RTT toleranceSyntax no round-trip-time explore-percentage num Adding static prefix cache entriesEnabling default geographic location Secure GslbPage Gslb message content randomization Configuring secure GslbRSA challenge dialogue Secure GslbConfiguring secure-communication on the controller Generating RSA key pairExchanging public keys Bob sends back his public key Selecting a peer public key management option C.DRegenerating the session keys Manually regenerating the session keysDynamically regenerating the session keys Syntax clear gslb session-keysSite persistence in Gslb using stickiness Minimum Gslb configurationAlgorithm Site persistence in Gslb using stickiness Enabling sticky GslbConfiguring the sticky Gslb session life time Allowing sticky sessions for a specific prefix lengthSyntax no sticky Syntax no sticky age valueDisplaying current sticky Gslb sessions Syntax show session all offsetSticky Gslb counters Syntax show gslb dns detailSite persistence in Gslb using hashing Deleting sticky Gslb session for a specific clientDeleting all sticky Gslb sessions Enabling hash-based Gslb persistenceHashing scheme Syntax show gslb phash tableIP address allocation IP address failure or removal from domainRehash new IP address for a domain or change of state RankDisabling rehash Syntax hash-persist hold-down time Syntax hash-persist persist-rehash-disable time-outManually forcing rehash for a domain Show commands Weighted distribution of sites with hash-based persistence Weighted distribution of sites with hash-based persistenceSyntax show gslb phash table zone-name name host-name name This section contains the following subsectionsGslb weighted hash-based persistence Gslb hash-based persistenceHashing scheme IP address allocationIP address failure or removal from domain Rehash change in hash weight Disabling rehash on change in hash weight configurationSyntax no prefix-len-hash-persist length Enabling weighted hash-based Gslb persistenceSyntax no hash-persist weighted Syntax host-info host-nameip-hash-weight IPaddress weight Configuring weights for domain IP addressesDisable rehash when weight for an IP is changed Hash persist hold down timer Syntax no hash-persist disable-weight-rehashShow commands Manually forcing rehash for a domainClear Gslb phash counters Syntax show gslb policy host-policy-name policy-nameDisplaying the contents of active RTT cache entries Affinity AffinityDefining the affinity Syntax gslb affinityDisplaying RTT prefix cache entries Syntax show gslb cache ip-addrGslb domain-level affinity Displaying affinity selection countersOverview of Gslb domain-level affinity Syntax show gslb dns detail nameCommand line interface Configuring an affinity for prefix 0.0.0.0/0Creating a domain-level affinity group Associating the domain-level group with a domainShow gslb affinity-group group-number Syntax show gslb affinity-group group-numberShow gslb resources Syntax show gslb resourcesDNS cache proxy DNS cache proxyShow gslb dns detail Syntax show gslb dns detail zone-nameTo enable DNS cache proxy, enter the following commands Enabling DNS cache proxyDisplaying DNS cache proxy state Syntax no dns cache-proxySyntax show gslb global-stat DNS cache proxy Disable the defaultDisplaying DNS cache proxy statistics Combining the DNS cache proxy and DNS override features Gslb DNS type any queryTransparent DNS query intercept Transparent DNS query intercept configuration Redirecting queries Transparent DNS query interceptSyntax no server remote-name name ip-addr Syntax no source-natSyntax no port dns Syntax no server virtual-name-or-ip name ip-addrinterceptSyntax ip policy index cache udp dns global Redirecting queries and perform GslbSyntax no bind dns real-server-namedns Responding to queries directly Displaying transparent DNS query intercept statistics Syntax dns transparent-interceptEach message shows the following information Enabling DNS request loggingSyntax no gslb log-dns Support for the RTT metric Enabling DNS request logging Gslb request informationEnabling DNS request logging Distributed health checks for GslbBP support as Gslb agent Syntax no si-name name ip-addrno-si-dist-health-check ADXConfiguring the health status reporting interval Syntax no si-name name ip-addrenable-si-dist-health-checkDisabling or re-enabling distributed health check Syntax no no-distributed-health-checkConfiguring the agent health report interval Debugging the distributed health checkSyntax no health-status-interval secs Syntax no agent-health-report-interval secsImpact of distributed health checks on the Flashback metric Example Configuration examplesTopology Example Example Dnssec Example with Authentication Chain Steps involved in a Dnssec resolution areDnssec Dnssec Gslb in DNS proxy mode Verification with DIGConfiguring Dnssec for Gslb Cache proxy modeConfiguring a zone for Dnssec Configuring a backend Adns server as Dnnsec capableDisplaying Dnssec configuration Displaying Dnssec statisticsSyntax no port dns use-dnssec-servers-for-dns-queries Syntax no server use-dnssec-servers-for-dns-queriesConfiguring host-level policies Host-level policies for site selectionGlobal vs host-level policy Host-level policies for site selectionConfiguring the parameters for the host-level policy Defining a name for a host-level Gslb policySyntax no dns active-only Removing all IP addresses except the best addressTo re-enable this metric, enter the following command Disabling or re-enabling the Flashback metricSyntax no flashback Modifying Flashback toleranceEnabling the Geographic metric Syntax no geographicEnabling the Health Check metric Syntax no health-checkResetting the order of the metrics Configuring the Num-session Tolerance Enabling the Num-session metricSyntax no num-session Enabling the Preference metricSyntax no weighted-ip Enabling the weighted site metricSyntax no round-robin Enabling the Round-Trip-Time metric Syntax no round-trip-time Changing the RTT toleranceSyntax no weighted-site Displaying host-level policy informationApplying a host-level policy to a Gslb host Displaying a host-level policyDisplaying all Gslb policies Syntax show gslb policy host-policy-allSyntax show gslb dns zone I detail Displaying the policy used for hostsDisplaying the number of host-level policies Configuration example Deleting Gslb host-level policiesDeleting a policy that is not applied to a host Syntax clear gslb host-policy policy-nameGeographic region for a prefix How geographic location is determinedFor IPv6 Configuring a geographic prefixFor IPv4 Displaying the number of geographic prefixes Displaying information about geographic prefixGeographic region for a prefix Syntax show gslb cache IP address prefixExample configuration Syntax show gslb cache all geographic user-configuredSmoothing mechanism for RTT measurements Smoothing mechanism for RTT measurements90% of 20ms + 10% of 40ms = 22ms 90% of 22ms + 10% of 1 sec = 119ms134 Enabling enhanced RTT smoothing Syntax gslb enhanced-rtt-smoothingConfiguring the parameters Disabling enhanced RTT smoothingSpecifying the ramp-up-factor Syntax no ramp-up-factor valueSpecifying the ramp-down factor Syntax no ramp-down-factor valueSyntax enable-sim-new-rtt-smooth Syntax disable-sim-new-rtt-smoothState gets cleared. You can command in the simulation Syntax rtt-val valueSmoothing mechanism for RTT measurements Smoothing mechanism for RTT measurements Determining if the new RTT smoothing mechanism is enabled Round-trip timesPassive RTT gathering Round-trip timesActive RTT gathering Passive RTT gatheringSupport for both active and passive RTT Active RTT gatheringActive RTT gathering issues and trade-offs Enabling active RTTSyntax no gslb disable-rtt-gathering Discarding passive RTTDisabling passive RTT gathering Syntax no gslb active-rtt-gatheringConfiguring active RTT parameters Configuring active RTT query message intervalConfiguring the cache interval for active RTT prefix Specifying how often to report the active RTTSyntax no gslb agent-rtt-refresh-interval value Configuring the active RTT refresh intervalSetting the RTT algorithm modes Using only passive RTT Syntax gslb dns-probe enable-fallback Syntax gslb dns-probe disable-fallbackProbes for RTT gathering Accepting DNS RTT measurementsAging out prefixes when Icmp probe fails Aging out prefixes when DNS probe failsEnabling the DNS prober Sending DNS probes on a different portActive RTT gathering and high availability support Displaying RTT information Displaying the RTT gathering mechanismDisplaying the active RTT gathering configuration Syntax show gslb active-rtt-infoSyntax show gslb cache ip-address Displaying the RTT information of a client IP addressRound-trip times Show Gslb active RTT information This field Displays Displaying the RTT algorithm mode For example, enter a command such as the followingGslb affinity for high availability Configuring an HA groupGslb affinity for high availability Enabling dynamic detection Displaying HA information Displaying all HA groupsDisplaying the HA peer for a site Syntax no gslb dynamic-peer-detectDisplaying the dynamically detected HA pairs View the configured HA group using the following command Gslb affinity for HAThis command requires a reload to take effect Gslb optimizationOptimized VIP list processing Syntax no gslb process-vip-list-optimizeSyntax no gslb dont-send-active-bindings Syntax no si ip-addressoptimized-dist-hcheckSyntax no gslb send-vip-list-optimize On the site ServerIron ADX, configure the following commands Gslb optimizationGuidelines and recommendations for using this feature Displaying Gslb informationDisplaying site information Displaying Gslb informationSyntax show gslb site name Name parameter specifies a site nameSite Displaying real server information Displaying Gslb information Global SLB site informationSyntax rshow remote-ip-addrserver real virtual session bind Displaying DNS zone and hosts Syntax show gslb dns zone nameZone Displaying detailed DNS information Host a Flashback Displaying metric information Displaying the default Gslb policy Syntax show gslb defaultDisplaying Gslb information Gslb policy information DNS TTLDisplaying the user-configured Gslb policy ServerIronADXconfig# show gslb cache Static prefix cache entries on This command shows the following information Gslb resources Displaying Gslb resourcesDisplaying dynamic server information Displaying Gslb information Gslb resourcesPort binding information The TCP and UDP ports Session statistics Another way to list the real serversSyntax show server dynamic real Displaying dynamic real server informationDisplaying virtual server information Displaying the port bindings Listing the real serversSyntax show server dynamic virtual Syntax show server dynamic bindSpecifying the source IP of probes Displaying information in the prefix cacheSyntax gslb src-ip-active-rtt ip-address Syntax show gslb cache allSyntax show gslb cache all affinity Syntax show gslb cache all geographic staticSyntax show gslb cache all ip-addr Syntax show gslb cache ip-addrlonger-than prefix-lengthSyntax show gslb cache ip-addrsmaller-than prefix-length Snmp traps and syslog messagesSnmp traps and syslog messages Syslog messages Syntax show loggingDisabling and re-enabling traps Gslb error handling for unsupported DNS requestsSyntax no snmp-server enable traps trap-type Default settings for Gslb error handling Using Gslb error handling with transparent intercept modeError handling response format Disable or re-enabling Gslb error handlingConfiguring the return code Gslb error handling for unsupported DNS requestsSyntax clear gslb unsupported-response-cnt Viewing error handling statisticsClearing the error handling statistics Gslb error handling for unsupported DNS requests Global Server Load Balancing for IPv6 Global server load balancing for IPv6 overviewGslb for IPv6 feature support IPv6 Gslb configuration Gslb for IPv6 exampleBasic Gslb for IPv6 configuration On Gslb ServerIron ADX controllerConfiguring the Gslb controller Basic Gslb for IPv6 configurationAdding a VIP for the Adns server Enabling DNS cache proxyConfiguring zones Enabling DNS overrideHost-nameparameter specifies the host name Specifying DNS override IP listsSyntax no host-info host-nameip-list ipv6-address Configuring sites Site ServerIron ADX configuration Basic configuration exampleConfiguration on Gslb ServerIron ADX Gslb controller Enabling the Gslb protocolConfiguration on site ServerIron ADXs Enable the Gslb protocol on each of the Site ServerIron ADXsAdvanced Gslb configuration for IPv6 Gslb site persistenceConfiguring Gslb policy metrics for IPv6 Refer to Server host healthNot supported Changing the order of Gslb for IPv6 policy metrics Refer to FlashBack speed metricSyntax no metric-order set list Resetting Gslb policy metrics Server host health metricWeighted IP metric Enabling the weighted IP metricFor zone-name, enter up to 32 characters Specifying the weight of IP addresses in the IP listAdvanced Gslb configuration for IPv6 Weighted site metric Traffic distribution specifications DNS response processingConfiguring weighted site metrics Session capacity threshold metricSyntax no active-bindings Active bindings metricEnabling active bindings Configuring weighted active bindings Geographic location metric Specifying Gslb controller locations Configuring a geographic prefixSpecifying site locations Available session capacity metric FlashBack speed metric Administrative preference metric Round robin selection metric Configuring administrative preference for a siteLeast response selection metric Sticky persistence for IPv6 Enabling sticky persistence for IPv6 Specifying sticky session prefix lengths Specifying sticky session life timesDeleting sticky sessions Syntax no sticky ipv6-prefix-length decimalHash-based persistence for IPv6 Specifying hash-based persistence prefix lengthsSyntax no ipv6-prefix-len-hash-persist decimal Weighted hash-based persistence for IPv6Manually forcing a rehash for a domain Configuring weights for domain IP addresses Disabling rehash when weight for an IP is changed Configuring DNS response parameters Configuring an active-only policyConfiguring a best-only policy Gslb of ANY queriesDisplaying DNS cache proxy statistics Displaying Gslb for IPv6 configurationsShow commands for basic Gslb configurations Displaying the default Gslb policy Displaying Gslb for IPv6 configurationsDNS TTL Displaying the user-configured Gslb policy Displaying information about a geographic prefix ServerIronADX VIP === Displaying DNS zone and hosts When you configured the zone information Africa X100us Counters 2001db8abc Cfg Zone-nameparameter specifies a particular Gslb zone Specifying the weight of IP addresses in the IP list on Displaying site informationServerIronADXconfig# show gslb site Administrative preference metric on Site-nameparameter specifies a site name Show commands for advanced featuresDisplaying the hash table Troubleshooting Gslb for IPv6 configurations Clearing Gslb phash countersDisplaying Gslb debug counters Syntax show gslb ipv6 phash active-ip allocation tableTroubleshooting Gslb for IPv6 configurations Syntax show gslb message IPaddress Troubleshooting IPv6 listsDebug trace for Gslb Syntax debug track feature gslb algorithm sticky generic all Troubleshooting Gslb for IPv6 configurations IPv4 RFC IPv4IPv6 DNS South America IPv6 address assignment Address DesignationLacnic