I am in the process of planning for a GSLB failover solution for a web site. I have attached a very basic diagram showing an example of the topology.
The aim is to have two sites: a primary site and a DR site to be used as a failover solution.
The main site has two web servers that will need to be load balanced and the failover DR site will only have 1 web server.
My initial plan was to use 2 Cisco CSS 11501S devices as I believe this would provide the load balancing and GSLB functionality I require.
To achieve this I was going to use the CSS's as the primary and secondary name servers for the domain. This has raised a few question marks…
Both of our sites are connected to a private WAN (with private IP ranges). See attached diagram. Our internet access is provided through a third party "Firewall Port" directly off the WAN. We don't manage the firewall that connects to the internet. This third party firewall provides the NAT for our public facing services (web servers, mail servers, ftp servers etc).
So my questions are…
* Because the CSS's and web servers are located on a private network will the CSS's be able to respond to the DNS requests with the PUBLIC IP address (as seen from the internet) of the servers as opposed to the private IP address of the servers? If the firewall in front of the CSS's was connected to the internet this could be done via DNS doctoring but our firewall is on a private subnet!
* Is it possible to get the CSS's to respond to DNS requests for other domain devices that do not reside behind the CSS - E.g. a MX record for a mail server that resides on another 'private' network?
* Is there a better way to achieve this?
Any assistance would be much appreciated!!