Displaying dnssec configuration, Displaying dnssec statistics – Brocade Communications Systems ServerIron ADX 12.4.00 User Manual

116

ServerIron ADX Global Server Load Balancing Guide

53-1002437-01

DNSSEC

1

Configuring load balancing of plain DNS request across all servers

If zones and real servers are configured for DNSSEC, then non-dnssec servers are used for
requests on non-dnssec zones. To load-balance non-dnssec (plain DNS) requests across all
servers, use one of the following commands.-

ServerIron(config)# server virtual dns_vip 209.157.23.46

ServerIron(config-vs-dns_vip)# port dns

ServerIron(config-vs-dns_vip)# port dns use-dnssec-servers-for-dns-queries

Syntax: [no] port dns use-dnssec-servers-for-dns-queries

ServerIron(config)# server use-dnssec-servers-for-dns-queries

Syntax: [no] server use-dnssec-servers-for-dns-queries

Displaying DNSSEC configuration

You can use the show glsb zone command to determine if a GSLB zone has be configured as
dnssec-capable or dnssec-only. In the following example, the GSLB zone “secure.mydnssec.com” is
configured as “DNSSEC-ONLY”

Syntax: show gslb dns zone

Displaying DNSSEC statistics

When DNSSEC is enabled (by either real server or zone), DNSSEC statistics are displayed as shown
in the following:

ServerIronADX(config)# show gslb dns zone

ZONE: secure.mydnssec.com

HOST: null-host:

(Global GSLB policy)

GSLB affinity group: global

DNSSEC-ONLY

Flashback DNS resp.

delay selection

(x100us) counters

TCP APP Count (%)

* 192.168.1.101: dns real-ip DOWN N-AM -- -- ---

* 192.168.1.102: dns real-ip DOWN N-AM -- -- ---

* 192.168.13.100: dns v-ip ACTIVE N-AM 0 0 ---

* 192.168.1.100: dns real-ip DOWN N-AM -- -- ---