Transparent dns query intercept – Brocade Virtual ADX Global Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Global Server Load Balancing Guide

69

53-1003245-01

Transparent DNS query intercept

1

In modes such as DNS proxy, when client sends a query with DNS type ANY, GSLB Brocade Virtual
ADX receives the DNS server response containing all the DNS records configured for the domain. In
addition to query type A records, GSLB Brocade Virtual ADX also identifies type ANY as a supported
query type. It will parse the DNS response to find all the A records contained within the response. It
will apply the GSLB policy to this response, reorder the A records in the response with the best A
record at the top and send the response to the querying client. Note that all records other than A
records (such as MX records and others) contained within the response, are not changed by the
GSLB Brocade Virtual ADX.

In modes such as DNS cache proxy with DNS override, the GSLB Brocade Virtual ADX does not have
a backend DNS server and generates the DNS response itself. If client sends a query of type ANY,
GSLB Brocade Virtual ADX will identify this as a supported query type and apply the GSLB policy to
the IP addresses for the domain. It will send a response to the client with the selected A record for
the domain.

This feature is enabled by default.

Transparent DNS query intercept

Transparent DNS query intercept allows a Brocade Virtual ADX to transparently intercept certain
DNS queries to the authoritative DNS server and redirect them to alternate DNS servers or handle
them directly. This feature lets the authoritative DNS server IP remain unchanged. You do not need
to change the DNS server IP address as you do in standard GSLB configurations.

This feature is useful when you want to redirect clients for certain domains to proxy web servers,
but you do not want to configure the proxy addresses on the DNS server itself or otherwise change
the configuration of the DNS server.

NOTE

The Brocade Virtual ADX must be in the direct data path from all potential clients to the authoritative
DNS server. Otherwise, it is possible for the DNS server to receive the queries directly instead of the
Brocade Virtual ADX.

You can configure the following types of transparent DNS query intercept:

•

Redirect the client queries to a proxy DNS server and perform GSLB on the response. The
Brocade Virtual ADX redirects the client request for the zones configured on the Brocade
Virtual ADX to the alternate DNS server, applies the GSLB policy on the response and gives the
best address(es) to the client.

•

Redirect the client queries to a proxy DNS server and send the reply unchanged. The Brocade
Virtual ADX redirects the client request to the alternate DNS server and sends the response, as
is, to the client. The alternate DNS server could be a Brocade Virtual ADX configured for GSLB,
in which case the reply has the best address(es) for the client.

•

Directly respond to client queries using the IP addresses configured for the domain. The
Brocade Virtual ADX does not forward or redirect the query to the actual or proxy DNS servers.
Instead, it directly responds to the client by applying GSLB policy to pick the best IP address
from among the IP list configured for the domain.