CSS redundant interface and DNS server

Unanswered Question
Mar 27th, 2008

We're attempting to implement a pair of CSSs using redundant ASR and GSLB where the CSSs act as DNS servers.

But I'm not sure if the 2 features are compatible. The CSSs answer DNS queries to their direct interface but not the redundant interface.

Does anyone have any suggestions or work-arounds? We're running version 8.20.

TIA,

Dan

Diego Vargas Thu, 03/27/2008 - 09:32

Dan, I do not think you should have any problems with ASR and GSLB.

Honestly, I am not clear what you mean by the CSS not answering DNS queries for the redundant interface.

In a GSLB environment you configure your CSS to resolve DNS queries for the VIPs, using either content-based or zone-based GSLB.

It is not really clear to me what the issue is. Is your CSS resolving DNS queries for the VIPs?

Are you using zone-based or rule-based GSLB?

dan.shalinsky Thu, 03/27/2008 - 09:44

We are using rule-based GSLB. If I direct DNS queries to the VLAN IP address, I receive an answer. But if I query the VRRP IP (redundant-interface IP), then I get no response.

The documentation for "show redundant-interfaces" mentions that I should see the status of the DNS server but I do not.

DXX-CSS-PR1# sh redundant-interfaces 10.1.60.13 60

Redundant-Interfaces:

Interface Address: 10.1.60.13 VRID: 60

Redundant Address: 10.1.60.12 Range: 1

State: Master Master IP: 10.1.60.13

State Changes: 1 Last Change: 03/27/2008 03:11:36

DXX-CSS-PR1#

Because of the recent purchase of the enhanced license, I did enable "dns-server" after the VRRP redundant interfaces had been configured. Should I move the config and re-apply it perhaps?

Many thanks for your assistance,

Dan

Diego Vargas Thu, 03/27/2008 - 10:05

OK, so this is your problem, right:

A client needs to access a web page. It sends its request to a CSS asking to resolve a DNS query. The goal of the CSS is to catch the request, reply to the client with its own IP and act as a proxy for all DNS queries. Everything works fine if the request is sent to the physical IP address of the CSS, and it doesn't work if it is sent to the virtual IP address (the address shared between the two CSS in failover).

The proper configuration is explained here, but you are running 8.20 and I think there are some restrictions; please let me double-check.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v6.10/configuration/advanced/guide/VIPRedun.html#wp1052113

Diego

Diego Vargas Thu, 03/27/2008 - 10:21

Dan, doing some research, I can see that the option to configure redundant-interface to resolve DNS queries is not included on the CSS 11500 series; this is from the documentation.

The document for the CSS 11000 series that I provided before shows:

Configuration Requirements and Restrictions

The following requirements and restrictions apply to the configuration of this feature.

• You can configure this feature only on Cisco 11000 series CSSs (not 11500)

If I look at the redundant-interface configuration on the old CSS 11000 series, I see the option for DNS:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v6.10/configuration/advanced/guide/VIPRedun.html#wp1067528

Look at this line:

dns-server - Keyword that enables the CSS to respond to DNS queries destined for the redundant interface IP address. For more information, see the "Configuring a Redundant Virtual Interface to Respond to DNS Requests" section.

On the new CSS 11500 series this option is not available:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/VIPRedun.html#wp1067528

I am trying to find out if there is any workaround, but so far it seems that this feature is expected to be missing on the CSS11500.

Diego Vargas Thu, 03/27/2008 - 11:41

Dan, I have confirmed this is not supported on newer versions; it seems it was considered for addition but was not added.

I guess the reason is that most people migrated the DNS functionality to GSS, which is much more capable in terms of GSLB than the CSS alone.

dan.shalinsky Thu, 03/27/2008 - 11:44

Well, not the answer I was hoping for but many thanks for confirming this. I will look into the GSS as well.

best regards,

Dan
