Brocade Communications Systems 12.4.00 specs

GSLB error handling for unsupported DNS requests

1

refused = query refused servfail = server failure

NOTE

Do not change the error code unless you are absolutely certain of the effect of the configuration. For example, if you configure nxdomain as the return code, the GSLB ServerIron ADX responds to an unsupported query type with this error code. When the client receives the nxdomain response, the client typically stops attempting to resolve any other record type for that name. For example, an nxdomain response to an IPv6 record type might stop the client from sending a query for an IPv4 record type, even though IPv4 record types exist for that domain. Furthermore, if this response (with nxdomain rcode) is negatively cached, it can result in a potential denial-of-service attack for a particular domain name.

Viewing error handling statistics

You can view the number of client requests for unsupported DNS record types for which the GSLB ServerIron ADX generated an error handling response. Enter the following command at any level of the CLI.

ServerIronADX(config)# show gslb global-stat
DNS cache proxy stat:
Direct response	=	1
DNS query intercept stat:
Redirect	=	0	Direct response	=	0
Unsupported query types stat:
Error handling cnt	=	3

In the example above, the Error handling cnt shows that the GSLB ServerIron ADX generated and sent error handling responses for three client queries.

Syntax: show gslb global-stat

Clearing the error handling statistics

To clear the error handling statistics for the GSLB ServerIron ADX, enter the following command.

GSLB-ServerIronADX# clear gslb unsupported-response-cnt

Syntax: clear gslb unsupported-response-cnt

To confirm the statistics were cleared, use the show gslb global-statcommand.

ServerIron ADX Global Server Load Balancing Guide	191
53-1002437-01

Image 203

Brocade Communications Systems 12.4.00 manual Viewing error handling statistics, Clearing the error handling statistics

Contents

ServerIron ADX Brocade Communications Systems, Incorporated Contents ServerIron ADX Global Server Load Balancing Guide Page Gslb for IPv6 example Gslb for IPv6 feature supportGlobal server load balancing for IPv6 overview IPv6 IPv4Page Text formatting AudienceSupported hardware and software Document conventions Bold text Related publications Getting technical help or reporting errorsWeb access Mail and telephone accessPage Global Server Load Balancing overview Global Server Load Balancing Basic concepts Global Server Load Balancing overview Gslb example Global Server Load Balancing configuration DNS Gslb policy Server health Weighted IP metric Active bindings metric Weighted site metricSite ServerIron ADX’s session capacity threshold Geographic location of the server Site ServerIron ADX’s FlashBack speed Site ServerIron ADX’s connection loadSite ServerIron ADX’s available session capacity tolerance Round robin selection Site ServerIron ADX’s administrative preferenceLeast response selection 128 Basic controller and site communication Minimum required configuration Syntax show gslb policy Configuring Gslb Configuring GslbPage Proxy for DNS server Proxy for DNS serverAdding a source IP address Syntax no server source-ipip-addr ip-mask default-gateway Syntax no gslb protocol Configuring a siteEnabling the Gslb protocol Syntax no gslb site name Specifying site locations Syntax no gslb dns zone-name name Configuring a zoneSpecifying Gslb controller locations Syntax no dns cname-detect Applying Gslb to Cname records Cname status is shown in bold type Configuring Http health check parameters Configuring DNS domain name aliases Syntax host-info host-namealias alias-name Configuring null host namesConfiguration example Syntax dns override Private VIPs for Gslb Private VIPs for Gslb Configuring a public IP address for a VIP Show gslb dns detail the following is an example Private VIP display informationDisplaying Gslb IP information Syntax show gslb site Configuring Gslb protocol parametersChanging the protocol port number Syntax show server virtual-name-or-ip You can modify the following DNS-related Gslb parameters Changing the Gslb protocol update periodModifying Gslb parameters related to DNS responses Syntax no protocol status-interval num Syntax no dns best-only Removing IP addresses for sites that fail a health check Syntax no dns ttl num Changing the query intervalSyntax no dns check-interval num Changing the TTL for DNS records Syntax no dns override Syntax no dns ttl Enabling DNS override Changing the Gslb policy metrics Metric Default Configuration options Configuring Gslb protocol parameters Gslb policy metrics Connection load Syntax no metric-order set list Changing the order of Gslb policy metrics Disabling or re-enabling individual Gslb policy metrics Syntax metric-order default Syntax clear gslb dns zone-name name Clearing DNS selection counters DNS response processing Implementing the weighted IP metric For name, enter up to 32 characters Configuring weighted IP metricsSyntax no weighted-ip Syntax no gslb dns zone name Syntax host-info www ip-weight IP address weight Syntax show gslb dns zone Implementing the weighted site metric San Jose 50% New York 30% London 20% Total 100 100% Syntax weight weight Traffic distribution specificationsConfiguring weighted site metrics Syntax no weighted-site Syntax gslb site site name Syntax show gslb traffic site First example shows the first two sites Site Three Implementing the active bindings metric Enabling active bindings Gslb active bindings enhancements Configuring weighted active bindings Specifying the site connection limit Configuring connection load parameters Changing the sampling intervals and sample rate Syntax no connection-load limit average-load Syntax no connection-load weights weight1 weight2...weight8 Changing the sample interval weight Syntax no flashback application tcp tolerance num Changing the FlashBack tolerance valuesSyntax no capacity threshold num Syntax no num-session tolerance num Changing the RTT cache interval Modifying round-trip time values Changing the RTT tolerance Syntax no round-trip-time cache-interval numChanging the RTT cache prefix Syntax no round-trip-time cache-prefix num Adding static prefix cache entries Syntax no round-trip-time explore-percentage num Secure Gslb Enabling default geographic locationPage Secure Gslb Gslb message content randomizationConfiguring secure Gslb RSA challenge dialogue Generating RSA key pair Configuring secure-communication on the controller Exchanging public keys Bob sends back his public key C.D Selecting a peer public key management option Syntax clear gslb session-keys Regenerating the session keysManually regenerating the session keys Dynamically regenerating the session keys Minimum Gslb configuration Site persistence in Gslb using stickiness Algorithm Enabling sticky Gslb Site persistence in Gslb using stickiness Syntax no sticky age value Configuring the sticky Gslb session life timeAllowing sticky sessions for a specific prefix length Syntax no sticky Syntax show session all offset Displaying current sticky Gslb sessions Syntax show gslb dns detail Sticky Gslb counters Enabling hash-based Gslb persistence Site persistence in Gslb using hashingDeleting sticky Gslb session for a specific client Deleting all sticky Gslb sessions Syntax show gslb phash table Hashing scheme Rank IP address allocationIP address failure or removal from domain Rehash new IP address for a domain or change of state Disabling rehash Syntax hash-persist hold-down time Syntax hash-persist persist-rehash-disable time-outManually forcing rehash for a domain Show commands This section contains the following subsections Weighted distribution of sites with hash-based persistenceWeighted distribution of sites with hash-based persistence Syntax show gslb phash table zone-name name host-name name IP address allocation Gslb weighted hash-based persistenceGslb hash-based persistence Hashing scheme IP address failure or removal from domain Disabling rehash on change in hash weight configuration Rehash change in hash weight Syntax no prefix-len-hash-persist length Enabling weighted hash-based Gslb persistenceSyntax no hash-persist weighted Syntax host-info host-nameip-hash-weight IPaddress weight Configuring weights for domain IP addressesDisable rehash when weight for an IP is changed Syntax no hash-persist disable-weight-rehash Hash persist hold down timer Syntax show gslb policy host-policy-name policy-name Show commandsManually forcing rehash for a domain Clear Gslb phash counters Displaying the contents of active RTT cache entries Affinity Affinity Syntax gslb affinity Defining the affinity Syntax show gslb cache ip-addr Displaying RTT prefix cache entries Syntax show gslb dns detail name Gslb domain-level affinityDisplaying affinity selection counters Overview of Gslb domain-level affinity Associating the domain-level group with a domain Command line interfaceConfiguring an affinity for prefix 0.0.0.0/0 Creating a domain-level affinity group Syntax show gslb resources Show gslb affinity-group group-numberSyntax show gslb affinity-group group-number Show gslb resources Syntax show gslb dns detail zone-name DNS cache proxyDNS cache proxy Show gslb dns detail Syntax no dns cache-proxy To enable DNS cache proxy, enter the following commandsEnabling DNS cache proxy Displaying DNS cache proxy state Syntax show gslb global-stat DNS cache proxy Disable the defaultDisplaying DNS cache proxy statistics Gslb DNS type any query Combining the DNS cache proxy and DNS override features Transparent DNS query intercept Transparent DNS query intercept configuration Transparent DNS query intercept Redirecting queries Syntax no server virtual-name-or-ip name ip-addrintercept Syntax no server remote-name name ip-addrSyntax no source-nat Syntax no port dns Syntax ip policy index cache udp dns global Redirecting queries and perform GslbSyntax no bind dns real-server-namedns Responding to queries directly Syntax dns transparent-intercept Displaying transparent DNS query intercept statistics Each message shows the following information Enabling DNS request loggingSyntax no gslb log-dns Enabling DNS request logging Gslb request information Support for the RTT metric Enabling DNS request logging Distributed health checks for GslbBP support as Gslb agent ADX Syntax no si-name name ip-addrno-si-dist-health-check Syntax no no-distributed-health-check Configuring the health status reporting intervalSyntax no si-name name ip-addrenable-si-dist-health-check Disabling or re-enabling distributed health check Syntax no agent-health-report-interval secs Configuring the agent health report intervalDebugging the distributed health check Syntax no health-status-interval secs Impact of distributed health checks on the Flashback metric Example Configuration examplesTopology Example Example Steps involved in a Dnssec resolution are Dnssec Example with Authentication Chain Dnssec Verification with DIG Dnssec Gslb in DNS proxy mode Configuring a backend Adns server as Dnnsec capable Configuring Dnssec for GslbCache proxy mode Configuring a zone for Dnssec Syntax no server use-dnssec-servers-for-dns-queries Displaying Dnssec configurationDisplaying Dnssec statistics Syntax no port dns use-dnssec-servers-for-dns-queries Host-level policies for site selection Configuring host-level policiesHost-level policies for site selection Global vs host-level policy Defining a name for a host-level Gslb policy Configuring the parameters for the host-level policy Removing all IP addresses except the best address Syntax no dns active-only Modifying Flashback tolerance To re-enable this metric, enter the following commandDisabling or re-enabling the Flashback metric Syntax no flashback Syntax no health-check Enabling the Geographic metricSyntax no geographic Enabling the Health Check metric Resetting the order of the metrics Enabling the Preference metric Configuring the Num-session ToleranceEnabling the Num-session metric Syntax no num-session Syntax no round-trip-time Changing the RTT tolerance Syntax no weighted-ipEnabling the weighted site metric Syntax no round-robin Enabling the Round-Trip-Time metric Displaying a host-level policy Syntax no weighted-siteDisplaying host-level policy information Applying a host-level policy to a Gslb host Syntax show gslb policy host-policy-all Displaying all Gslb policies Syntax show gslb dns zone I detail Displaying the policy used for hostsDisplaying the number of host-level policies Syntax clear gslb host-policy policy-name Configuration exampleDeleting Gslb host-level policies Deleting a policy that is not applied to a host How geographic location is determined Geographic region for a prefix For IPv6 Configuring a geographic prefixFor IPv4 Syntax show gslb cache IP address prefix Displaying the number of geographic prefixesDisplaying information about geographic prefix Geographic region for a prefix Syntax show gslb cache all geographic user-configured Example configuration 90% of 22ms + 10% of 1 sec = 119ms Smoothing mechanism for RTT measurementsSmoothing mechanism for RTT measurements 90% of 20ms + 10% of 40ms = 22ms 134 Syntax gslb enhanced-rtt-smoothing Enabling enhanced RTT smoothing Disabling enhanced RTT smoothing Configuring the parameters Syntax no ramp-down-factor value Specifying the ramp-up-factorSyntax no ramp-up-factor value Specifying the ramp-down factor Syntax rtt-val value Syntax enable-sim-new-rtt-smoothSyntax disable-sim-new-rtt-smooth State gets cleared. You can command in the simulation Smoothing mechanism for RTT measurements Smoothing mechanism for RTT measurements Round-trip times Determining if the new RTT smoothing mechanism is enabledRound-trip times Passive RTT gathering Passive RTT gathering Active RTT gathering Active RTT gathering Support for both active and passive RTT Enabling active RTT Active RTT gathering issues and trade-offs Syntax no gslb active-rtt-gathering Syntax no gslb disable-rtt-gatheringDiscarding passive RTT Disabling passive RTT gathering Specifying how often to report the active RTT Configuring active RTT parametersConfiguring active RTT query message interval Configuring the cache interval for active RTT prefix Syntax no gslb agent-rtt-refresh-interval value Configuring the active RTT refresh intervalSetting the RTT algorithm modes Using only passive RTT Accepting DNS RTT measurements Syntax gslb dns-probe enable-fallbackSyntax gslb dns-probe disable-fallback Probes for RTT gathering Sending DNS probes on a different port Aging out prefixes when Icmp probe failsAging out prefixes when DNS probe fails Enabling the DNS prober Active RTT gathering and high availability support Displaying the RTT gathering mechanism Displaying RTT information Syntax show gslb active-rtt-info Displaying the active RTT gathering configuration Syntax show gslb cache ip-address Displaying the RTT information of a client IP addressRound-trip times Show Gslb active RTT information This field Displays For example, enter a command such as the following Displaying the RTT algorithm mode Gslb affinity for high availability Configuring an HA groupGslb affinity for high availability Enabling dynamic detection Syntax no gslb dynamic-peer-detect Displaying HA informationDisplaying all HA groups Displaying the HA peer for a site Displaying the dynamically detected HA pairs Gslb affinity for HA View the configured HA group using the following command Syntax no gslb process-vip-list-optimize This command requires a reload to take effectGslb optimization Optimized VIP list processing Syntax no gslb dont-send-active-bindings Syntax no si ip-addressoptimized-dist-hcheckSyntax no gslb send-vip-list-optimize Gslb optimization On the site ServerIron ADX, configure the following commands Displaying Gslb information Guidelines and recommendations for using this featureDisplaying Gslb information Displaying site information Name parameter specifies a site name Syntax show gslb site name Site Displaying Gslb information Global SLB site information Displaying real server information Syntax rshow remote-ip-addrserver real virtual session bind Syntax show gslb dns zone name Displaying DNS zone and hosts Zone Displaying detailed DNS information Host a Flashback Displaying metric information Syntax show gslb default Displaying the default Gslb policy DNS TTL Displaying Gslb information Gslb policy information Displaying the user-configured Gslb policy ServerIronADXconfig# show gslb cache Static prefix cache entries on Displaying Gslb resources This command shows the following information Gslb resources Session statistics Another way to list the real servers Displaying dynamic server informationDisplaying Gslb information Gslb resources Port binding information The TCP and UDP ports Syntax show server dynamic real Displaying dynamic real server informationDisplaying virtual server information Syntax show server dynamic bind Displaying the port bindingsListing the real servers Syntax show server dynamic virtual Syntax show gslb cache all Specifying the source IP of probesDisplaying information in the prefix cache Syntax gslb src-ip-active-rtt ip-address Syntax show gslb cache ip-addrlonger-than prefix-length Syntax show gslb cache all affinitySyntax show gslb cache all geographic static Syntax show gslb cache all ip-addr Syntax show gslb cache ip-addrsmaller-than prefix-length Snmp traps and syslog messagesSnmp traps and syslog messages Syntax show logging Syslog messages Disabling and re-enabling traps Gslb error handling for unsupported DNS requestsSyntax no snmp-server enable traps trap-type Using Gslb error handling with transparent intercept mode Default settings for Gslb error handling Gslb error handling for unsupported DNS requests Error handling response formatDisable or re-enabling Gslb error handling Configuring the return code Syntax clear gslb unsupported-response-cnt Viewing error handling statisticsClearing the error handling statistics Gslb error handling for unsupported DNS requests Global server load balancing for IPv6 overview Global Server Load Balancing for IPv6 Gslb for IPv6 feature support Gslb for IPv6 example IPv6 Gslb configuration On Gslb ServerIron ADX controller Basic Gslb for IPv6 configuration Enabling DNS cache proxy Configuring the Gslb controllerBasic Gslb for IPv6 configuration Adding a VIP for the Adns server Enabling DNS override Configuring zones Host-nameparameter specifies the host name Specifying DNS override IP listsSyntax no host-info host-nameip-list ipv6-address Configuring sites Enabling the Gslb protocol Site ServerIron ADX configurationBasic configuration example Configuration on Gslb ServerIron ADX Gslb controller Enable the Gslb protocol on each of the Site ServerIron ADXs Configuration on site ServerIron ADXs Gslb site persistence Advanced Gslb configuration for IPv6 Refer to Server host health Configuring Gslb policy metrics for IPv6 Not supported Refer to FlashBack speed metric Changing the order of Gslb for IPv6 policy metrics Syntax no metric-order set list Server host health metric Resetting Gslb policy metrics Enabling the weighted IP metric Weighted IP metric For zone-name, enter up to 32 characters Specifying the weight of IP addresses in the IP listAdvanced Gslb configuration for IPv6 Weighted site metric DNS response processing Traffic distribution specifications Session capacity threshold metric Configuring weighted site metrics Syntax no active-bindings Active bindings metricEnabling active bindings Configuring weighted active bindings Geographic location metric Specifying Gslb controller locations Configuring a geographic prefixSpecifying site locations Available session capacity metric FlashBack speed metric Administrative preference metric Round robin selection metric Configuring administrative preference for a siteLeast response selection metric Sticky persistence for IPv6 Enabling sticky persistence for IPv6 Syntax no sticky ipv6-prefix-length decimal Specifying sticky session prefix lengthsSpecifying sticky session life times Deleting sticky sessions Specifying hash-based persistence prefix lengths Hash-based persistence for IPv6 Syntax no ipv6-prefix-len-hash-persist decimal Weighted hash-based persistence for IPv6Manually forcing a rehash for a domain Configuring weights for domain IP addresses Disabling rehash when weight for an IP is changed Configuring an active-only policy Configuring DNS response parameters Gslb of ANY queries Configuring a best-only policy Displaying DNS cache proxy statistics Displaying Gslb for IPv6 configurationsShow commands for basic Gslb configurations Displaying Gslb for IPv6 configurations Displaying the default Gslb policy DNS TTL Displaying the user-configured Gslb policy Displaying information about a geographic prefix ServerIronADX VIP === Displaying DNS zone and hosts When you configured the zone information Africa X100us Counters 2001db8abc Cfg Zone-nameparameter specifies a particular Gslb zone Displaying site information Specifying the weight of IP addresses in the IP list on ServerIronADXconfig# show gslb site Administrative preference metric on Site-nameparameter specifies a site name Show commands for advanced featuresDisplaying the hash table Syntax show gslb ipv6 phash active-ip allocation table Troubleshooting Gslb for IPv6 configurationsClearing Gslb phash counters Displaying Gslb debug counters Troubleshooting Gslb for IPv6 configurations Syntax show gslb message IPaddress Troubleshooting IPv6 listsDebug trace for Gslb Syntax debug track feature gslb algorithm sticky generic all Troubleshooting Gslb for IPv6 configurations IPv4 RFC IPv4IPv6 DNS South America Address Designation IPv6 address assignment Lacnic