I must begin with a link to this forum post where someone explains the various DNS types on a NetScaler. A must-read.
Now on to a bunch of screenshots and notes from me as I was just looking around with NetScalers and DNS. I have realized over time that my way of picking up stuff is by just doing it. A typical approach of reading about something and then trying it out doesn’t seem to work for me. (a) I get sleepy during reading and (b) that results in me never getting to the trying out stage. Instead, I seem to work better by just trying to begin with, succeed or break stuff in the process, and then go back and read or blog etc. about it. No hubris here that I am one of a kind :) am sure there’s more people who work this way – just that I too am like them.
A negative with this approach is that I must have a test lab where I can try things out. So there’s the additional effort required from me in terms of having a place where I can just break stuff. That’s probably the only negative thing I can think of about my approach. Oh, and it also takes up additional time when I want to pick up something – because first I have to set the environment up (e.g. when I was trying to pick up NSX last month) and then spend time just doing things and making/ breaking stuff in the process.
Anyways – end of digression. Back to NetScalers and DNS.
On a NetScaler, under the Traffic Management > DNS > NameServers is where you define DNS servers.
You create names servers by clicking on the “Add” button. That gives a new screen like thus:
I’ll start off the with the “Local” checkbox because it’s a very important one. Funny how it’s just there as a checkbox but it completely changes everything else!
If you tick “Local” what it means is that the NetScaler acts as a DNS server responding to queries from clients.
- Thus the IP address you specify will be a Virtual IP on the NetScaler, where you can query for DNS replies.
- The records you can query are what will be defined on the NetScaler, under the Records section.
- The NetScaler can only act as a UDP based nameserver.
If you don’t tick “Local” then the NetScaler acts as a client. It won’t respond to any DNS queries.
- Thus the IP address you specify are what the NetScaler will contact for its own DNS queries.
- From the forum post I linked to above: NetScaler will monitor this IP address via ping from the NSIP (and not the SNIP).
- Note: These IP address do not belong to the NetScaler.
- The IP addresses + DNS port combo cannot be defined on the NetScaler in the Load Balancing > Services section. You’ll get a “Resource already exists” error in that case.
- The IP addresses + DNS port combo can be defined in Service Groups. And can thus be used in load balancing etc. But as pointed out above, they cannot be defined as services.
When creating a name server it is possible to use an existing DNS virtual server if one is already defined. The caveat with this is that only UDP is allowed. It is not possible to add a TCP or UDP/ TCP entry. In fact, the only options one gets in the drop down menu are UDP only DNS load balancer virtual services. (From the forum post: in this case the NetScaler will monitor the virtual server from its SNIP).
It’s good to have TCP (or UDP/ TCP) servers in case of larger responses. In fact, when the NetScaler is acting as a load balancer for other DNS servers (this mode is called DNS proxy) it’s pretty much recommended to have TCP as an option too.
If, say, the NetScaler is defined with only a UDP based DNS server (as in the screenshot below) then queries will fail if the DNS responses are large and require a TCP connection.
root@ns10-01# dig NS tcpzone.com
;; Truncated, retrying in TCP mode.
;; communications error to 127.0.0.2#53: connection reset
This brings me to one more point. If we are creating a virtual server DNS just for the NetScaler’s internal use, we don’t need to define an IP address for it. The Name Server I have above actually does not have any virtual IP on the NetScaler.
So – to summarize:
- In the Name Servers section we can set the NetScaler to act as a DNS server for a zone it has.
- This is UDP only.
- This is not load balancing. i.e. not a virtual server.
- In the Name Servers section we can also point the NetScaler to other DNS servers the NetScaler itself can use.
- If an IP address is specified, it can be both UDP and TCP, and the NetScaler monitors it via ping from the NSIP.
- If a virtual server (see next point) is specified, it is UDP only, and the NetScaler monitors it via ping from the SNIP.
- The virtual server created for such internal use can be set in non-addressable mode (i.e. not IP address).
- In the Virtual Servers section it is possible to define a DNS service. The NetScaler will then act as a DNS server.
- This is load balancing. The NetScaler doesn’t host any zones.
- The NetScaler will cache results though and serve from those if required.
- The NetScaler does not use this internally. But it can be set to use this internally, if thus defined in the Name Servers section.
- This is for both UDP and TCP.
- This is also known as a DNS proxy.
I think that’s about the gist of it. I have skipped GSLB for now. Once again, pointing to the useful forum post. It’s a great one!