Brocade Communications Systems 12.4.00 Manual De Usuario
ServerIron ADX Global Server Load Balancing Guide
99
53-1002437-01
Transparent DNS query intercept
1
This command configures a virtual server that has the DNS server’s actual IP address. When the
ServerIron ADX receives a DNS query addressed to the DNS server IP address, the ServerIron ADX
intercepts the packet instead of forwarding it to the DNS server. The intercept parameter is
required and indicates that you want to use the virtual server for intercepting DNS queries. This
parameter also instructs the ServerIron ADX to ignore ARP requests and pings to the address. The
ServerIron ADX needs to ignore ARPs and pings to the address because the address still belongs to
the authoritative DNS server. Without the intercept parameter, the ServerIron ADX will respond to
ARPs and pings to the virtual server’s IP address.
ServerIron ADX receives a DNS query addressed to the DNS server IP address, the ServerIron ADX
intercepts the packet instead of forwarding it to the DNS server. The intercept parameter is
required and indicates that you want to use the virtual server for intercepting DNS queries. This
parameter also instructs the ServerIron ADX to ignore ARP requests and pings to the address. The
ServerIron ADX needs to ignore ARPs and pings to the address because the address still belongs to
the authoritative DNS server. Without the intercept parameter, the ServerIron ADX will respond to
ARPs and pings to the virtual server’s IP address.
Syntax: [no] bind dns <real-server-name> dns
This command binds the real server (the alternative DNS server) to the virtual server (the
intercepted authoritative DNS server). This command creates an entry in the ServerIron ADX’s port
binding table that allows the ServerIron ADX to redirect DNS traffic sent to the authoritative DNS
server to the alternative DNS server.
intercepted authoritative DNS server). This command creates an entry in the ServerIron ADX’s port
binding table that allows the ServerIron ADX to redirect DNS traffic sent to the authoritative DNS
server to the alternative DNS server.
Syntax: [no] gslb dns zone-name <name>
This command specifies the zone for which you want to intercept queries. The ServerIron ADX will
intercept and redirect DNS queries only for the zones you specify, and forwards all other client
queries to the authoritative DNS server.
intercept and redirect DNS queries only for the zones you specify, and forwards all other client
queries to the authoritative DNS server.
Syntax: [no] host-info <host-name> <host-application> | <tcp/udp-portnum>
This command specifies the host application on the zone you specified above.
Syntax: ip policy <index> cache udp dns global
This command enables the ServerIron ADX to examine incoming DNS packets. This command is
required.
required.
Redirecting queries and perform GSLB
To configure transparent DNS query intercept to redirect queries to a proxy DNS server and perform
GSLB on the response, do the following:
GSLB on the response, do the following:
•
Configure a real server with the IP address of the proxy DNS server
•
Configure a virtual server with the IP address of the authoritative DNS server, which you want
to intercept.
to intercept.
•
Specify the domain and host application for which you want to intercept queries.
•
Configure an IP policy to enable the ServerIron ADX to examine incoming DNS packets.
•
Enable port dns proxy on the real server corresponding to the proxy server.
NOTE
A ServerIron ADX intercepts queries only for domain names configured on the ServerIron ADX. For
domain names that are not configured on a ServerIron ADX, the ServerIron ADX still sends queries
to the authoritative DNS server.
A ServerIron ADX intercepts queries only for domain names configured on the ServerIron ADX. For
domain names that are not configured on a ServerIron ADX, the ServerIron ADX still sends queries
to the authoritative DNS server.
To configure the ServerIron ADX to redirect queries to another DNS server and apply GSLB on the
response, enter commands such as the following:
response, enter commands such as the following:
ServerIronADX(config)# source-ip 209.157.23.100 255.255.255.0 0.0.0.0
ServerIronADX(config)# server remote-name dns-redirect 209.200.22.100
ServerIronADX(config-rs-dns-redirect)# source-nat
ServerIronADX(config-rs-dns-redirect)# port dns proxy
ServerIronADX(config-rs-dns-redirect)# exit