Transparent DNS query intercept – Brocade Communications Systems ServerIron ADX 12.4.00 User Manual

ServerIron ADX Global Server Load Balancing Guide

53-1002437-01

GSLB ServerIron ADX performs GSLB on client queries for IPv4 address records (A records). In
GSLB topologies, when the client query comes in for any of the other record types, the GSLB
ServerIron forwards the query to the backend DNS server and sends the DNS response unaltered
to the client.

DNS supports a special query type called "ANY". If the client sends a DNS query with type ANY, the
DNS response contains all the records configured for that domain. For example, if two A records
and two MX records are configured for www.mycompanynet.com and the client sends a type ANY
query for www.mycompanynet.com, then the DNS response contains all four records: two A records
and two MX records.

GSLB ServerIron ADX is able to handle DNS type ANY queries. If the client sends a DNS query with
type ANY, GSLB ServerIron ADX identifies it as a supported query type and performs GSLB on the A
records contained in the response.

In modes such as DNS proxy, when a client sends a query with DNS type ANY, GSLB ServerIron ADX
receives the DNS server response containing all the DNS records configured for the domain. In
addition to query type A, GSLB ServerIron ADX also identifies type ANY as a supported
query type. It parses the DNS response to find all the A records contained within the response,
applies the GSLB policy to this response, reorders the A records in the response with the best A
record at the top, and sends the response to the querying client. Note that all records other than A
records (such as MX records and others) contained within the response are not changed by the
GSLB ServerIron ADX.
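
The reordering described above can be shown on a raw DNS message. The following Python sketch is an added example, not ServerIron ADX code: the function names are hypothetical, `best_ip` stands in for whatever address the GSLB policy selects, and the sample response (192.0.2.x addresses, mail1/mail2 hosts) is constructed for illustration.

```python
import struct

TYPE_A, TYPE_MX, TYPE_ANY = 1, 15, 255

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:                    # root label ends the name
            return off

def parse_answers(msg):
    """Return (start, end, rtype, rdata) for each answer-section record."""
    qd, an = struct.unpack_from("!HH", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE + QCLASS
    recs = []
    for _ in range(an):
        start, off = off, skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        recs.append((start, off, rtype, msg[off - rdlen:off]))
    return recs

def reorder_a_records(msg, best_ip):
    """Put the A record for best_ip in the first A slot; leave other records as-is.
    Assumes every A record has the same wire length (owner names are pointers)."""
    recs = parse_answers(msg)
    if not recs:
        return msg
    best = bytes(int(x) for x in best_ip.split("."))
    a_recs = iter(sorted((r for r in recs if r[2] == TYPE_A), key=lambda r: r[3] != best))
    out = bytearray(msg[:recs[0][0]])
    for rec in recs:
        src = next(a_recs) if rec[2] == TYPE_A else rec
        out += msg[src[0]:src[1]]
    return bytes(out) + msg[recs[-1][1]:]

def sample_any_response():
    """Constructed sample: type ANY response with two A and two MX records."""
    rr = lambda t, rd: b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(rd)) + rd
    mx = lambda pref, host: struct.pack("!H", pref) + host + b"\xc0\x10"
    return (struct.pack("!6H", 0x1234, 0x8180, 1, 4, 0, 0)
            + b"\x03www\x0cmycompanynet\x03com\x00" + struct.pack("!HH", TYPE_ANY, 1)
            + rr(TYPE_A, bytes([192, 0, 2, 10])) + rr(TYPE_MX, mx(10, b"\x05mail1"))
            + rr(TYPE_A, bytes([192, 0, 2, 20])) + rr(TYPE_MX, mx(20, b"\x05mail2")))
```

Because only the A record slots are rewritten, a client or monitoring tool comparing this response with the backend server's answer sees identical MX records and a different A record order.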

In modes such as DNS cache proxy with DNS override, the GSLB ServerIron ADX does not have a
backend DNS server and generates the DNS response itself. If a client sends a query of type ANY,
GSLB ServerIron ADX identifies this as a supported query type and applies the GSLB policy to the IP
addresses for the domain. It sends a response to the client with the selected A record for the
domain.

This feature is enabled by default.

Transparent DNS query intercept

Transparent DNS query intercept allows a ServerIron ADX to transparently intercept certain DNS
queries to the authoritative DNS server and redirect them to alternate DNS servers or handle them
directly. This feature lets the authoritative DNS server IP remain unchanged. You do not need to
change the DNS server IP address as you do in standard GSLB configurations.

This feature is useful when you want to redirect clients for certain domains to proxy web servers,
but you do not want to configure the proxy addresses on the DNS server itself or otherwise change
the configuration of the DNS server.

NOTE

The ServerIron ADX must be in the direct data path from all potential clients to the authoritative DNS
server. Otherwise, it is possible for the DNS server to receive the queries directly instead of the
ServerIron ADX.

You can configure the following types of transparent DNS query intercept:

• Redirect the client queries to a proxy DNS server and perform GSLB on the response. The
  ServerIron ADX redirects the client request for the zones configured on the ServerIron ADX to
  the alternate DNS server, applies the GSLB policy on the response and gives the best
  address(es) to the client.
