CSS Implement Zone Based DNS to existing config

wilson_1234_2
Level 3

I have a CSS with the config shown below.

We have two servers configured for failover to DR and we are going to add a mail server as well.

As a box-to-box failover to DR, it is working great: if the primary server is down, the CSS redirects web requests to the DR site through our internal MPLS cloud.

If the Internet connectivity at the main site dies, so does our web connectivity.

We have a second CSS and want to set up a failover solution so that we can use the DR site Internet connection as a backup link to our web servers.

I would like to keep the existing config the way it is and add the necessary components to make this work.

Zone Based DNS seems to be the recommended solution.

Can I just add the DNS components to this config?

The idea would be to have the DR site point to the primary server at the Main site, and if that fails, go to the server local to the DR site.

This way, if the Main site Internet connection goes down, the users would still point to the primary server.

!************************** CIRCUIT **************************
circuit VLAN1
  ip address 2.1.1.75 255.255.255.0

!************************** SERVICE **************************
service MCI-MCW-backupredirect
  type redirect
  port 80
  keepalive type none
  redirect-string "www.p.com"
  ip address 2.1.1.73
  active

service MCI-MCW-dr
  ip address 2.1.1.77
  protocol tcp
  keepalive type http
  port 80
  active

service MCI-MCW-dr-443
  ip address 2.1.1.77
  protocol tcp
  port 443
  active

service MCI-MCW
  ip address 2.1.1.76
  protocol tcp
  keepalive type http
  port 80
  active

service MCI-MCW-443
  ip address 2.1.1.76
  protocol tcp
  port 443
  active

service MCI-p.com-backupredirect
  type redirect
  port 80
  keepalive type none
  redirect-string "web.p.com"
  ip address 2.1.1.76
  active

service MCI-p.com-dr
  protocol tcp
  port 80
  keepalive type http
  keepalive uri "/index.asp"
  ip address 2.1.1.74
  active

service MCI-p.com
  protocol tcp
  port 80
  keepalive type http
  keepalive uri "/index.asp"
  keepalive retryperiod 15
  keepalive frequency 15
  ip address 2.1.1.73
  active

!*************************** OWNER ***************************
owner MCI-MCW
  content MCI-MCW-http-rule
    add service MCI-MCW
    primarySorryServer MCI-MCW-dr
    balance aca
    secondarySorryServer MCI-MCW-backupredirect
    vip address 2.1.1.70
    protocol tcp
    port 80
    url "/*"
    active

owner MCI-MCW-443
  content MCI-MCW-https-rule
    add service MCI-MCW-lk-443
    primarySorryServer MCI-MCW-dr-443
    vip address 2.1.1.70
    protocol tcp
    port 443
    active

owner MCI-p.com
  content MCI-p.com-http-rule
    add service MCI-p.com
    balance aca
    protocol tcp
    port 80
    url "/*"
    primarySorryServer MCI-p.com-dr
    secondarySorryServer MCI-p.com-backupredirect
    vip address 2.1.1.71
    active

!*************************** GROUP ***************************
group MCI-MCW-http-group
  add destination service MCI-MCW
  add destination service MCI-MCW-dr
  vip address 2.1.1.70
  add destination service MCI-MCW-443
  add destination service MCI-MCW-dr-443
  active

group MCI-p.com-http-group
  add destination service MCI-p.com
  add destination service MCI-p.com-dr
  vip address 2.1.1.71
  active

!**************************** ACL ****************************
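Before layering DNS records on top of a configuration like the one posted above, it helps to confirm that every service named in a content rule or group is actually defined. The following is an added example, not part of the original post or any Cisco tooling; the function name `undefined_service_refs` and the abridged sample are assumptions made for illustration.

```python
import re

# Constructed sample: abridged from the 443 portion of the config posted above.
SAMPLE_CONFIG = """
service MCI-MCW-dr-443
  ip address 2.1.1.77
  port 443
  active
service MCI-MCW-443
  ip address 2.1.1.76
  port 443
  active
owner MCI-MCW-443
  content MCI-MCW-https-rule
    add service MCI-MCW-lk-443
    primarySorryServer MCI-MCW-dr-443
    active
group MCI-MCW-http-group
  add destination service MCI-MCW-443
  add destination service MCI-MCW-dr-443
  active
"""

# Sub-commands that name a service from inside a content rule or group.
REF = re.compile(
    r"^(?:add (?:destination )?service|primarySorryServer|secondarySorryServer)\s+(\S+)$")
HEAD = re.compile(r"^(service|owner|content|group)\s+(\S+)$")

def undefined_service_refs(config):
    """Return (section, service) pairs whose service has no 'service' block."""
    defined, refs, section = set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        head = HEAD.match(line)
        if head:
            kind, name = head.groups()
            if kind == "service":
                defined.add(name)
            section = f"{kind} {name}"
            continue
        ref = REF.match(line)
        if ref:
            refs.append((section, ref.group(1)))
    # Resolve after the full pass so definition order does not matter.
    return [(sec, svc) for sec, svc in refs if svc not in defined]

if __name__ == "__main__":
    for sec, svc in undefined_service_refs(SAMPLE_CONFIG):
        print(f"{sec}: references undefined service {svc}")
```

Run against the config as posted, the only unresolved name is the one in the HTTPS content rule.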

Gilles Dufour
Cisco Employee

Yes, you can simply add the DNS commands to your existing config.

The commands are explained at

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.20/configuration/advanced/guide/DNS.html#wp1102400

You first need to configure a zone and then add the dns a-record.

Use a keepalive, so the CSS can detect that a site is down.

You will also need to modify your DNS server to have it forward DNS requests to the CSS.

Once again, this is not the Cisco recommended solution.

Currently, the best option is to use a GSS and not use DNS functionality on the CSS.

Also, be aware that if you did not purchase a DNS license already for your CSS, you will not be able to get one from us as we do not sell this functionality anymore.

Without the license, the DNS commands will not exist.

Gilles.

You don't sell the enhanced feature set anymore?

In the GSS solution, do I have to buy two of those also?

How is the failover set up in that scenario?

I spoke with the product manager for the CSS.

I have to correct my previous statement.

We still support the GSLB feature on the CSS and we still sell the enhanced license.

However, we do not plan to add more features to this solution or improve the current behavior/performance.

The GSS is still an active device with many engineers working to make this product a better solution.

Sorry for the initial confusion.

If you opt for the GSS, it offers the possibility to have a standby device.

Gilles.

Thanks for clarifying that.

How do I check to make sure I can use the DNS functionality?

If I cannot, what are the procedures to add it?

show ver would include

Licensed Cmd Set(s): Standard Feature Set
                     Enhanced Feature Set

or check for command "dns-server"

Ok,

I have the Standard Feature Set.

Do I need to purchase the upgrade IOS, or can I download it?

It's not an IOS; it is just a PAK #. You enter an activation code in the existing IOS, and it's not cheap as I recall.
