GSS Keepalives

Unanswered Question
Jul 14th, 2008

Hi All,

1. Should the GSS need a public IP? Which is recommended?

2. The A response is created in the GSS. But the sniffer shows that the GSS is sending the response to the DNS, and then the DNS forwards it to the browser. Is this the valid behaviour, or should the GSS forward the A response directly to the client?

Syed Iftekhar Ahmed Mon, 07/14/2008 - 09:34

1. The main purpose of the GSS is to globally load-balance data centers (provide geo-redundancy). You delegate your domain to the GSS, and then the GSS makes intelligent decisions based on the DNS requests it receives. In order to delegate your domain to it, you definitely want a public IP.

2. If you are not using the GSS as a full-fledged DNS server (CNR functionality, meaning your clients have the GSS IP as their DNS server), then the GSS should never receive any DNS request from a client directly. The client asks its configured DNS server for name resolution, and then the client's DNS server contacts the GSS to get the answer. So, in a nutshell, DNS servers are the actual GSS clients.


Syed Iftekhar Ahmed

sanjumathen Mon, 07/14/2008 - 09:50

Hi Syed,

Thanks for your reply.

1. There is no global load balancing happening here, because both sites are in the same country (just physically separate locations).

The customer wants only some specific requests (such as a billing server request, e.g.: to be forwarded from the DNS to the GSS. For any other request other than, within the same domain ( the DNS will act as the authorised NS. The client is configured with the IP of the DNS. Hence any request for finally hits the GSS (delegation done in DNS) and the GSS returns the A record to the DNS. The DNS sends the A record to the client. It's a recursive lookup. In this scenario the reply from the GSS, for a request to goes to the DNS, which in turn forwards it to the client. So do we need a public IP for the GSS?

We need the same setup running in the other site. This is where the database sync factor comes into the picture. So if they can use a private IP, then the synchronisation can happen through a private link between the two locations and doesn't have to happen over the internet. This again rules out the need for the public IP.

We are not using a CNR in this setup since we are not planning to make the GSS a fully fledged DNS. It will act as DNS only for some specific subdomains.

Syed Iftekhar Ahmed Mon, 07/14/2008 - 10:05

Where are the end clients?

Inside the network (private) or outside (public)?

Let's draw a flow with the assumption that clients are using public IPs.

1. The client will hit its locally assigned public DNS server with the query.

2. The client's DNS server will contact the "DNS server authoritative for"

3. The "DNS server authoritative for" will ask the "Client's DNS Server" to contact the GSS to get the answer for and will hand over the IP of the GSS.

4. The "Client's DNS Server" will then contact the GSS (using the GSS IP) and will get the IP address for

5. The "Client's DNS Server" will finally hand the IP over to the client.

If we use a private IP on the GSS, then in step 3 the client's DNS will be handed a private IP. Since this DNS server is outside the private network, it won't be able to reach the GSS.

If all clients and clients' DNS servers reside inside the private network, then you can use private IPs on the GSS. The answers on the GSS can be public or private (as need be).



sanjumathen Tue, 07/15/2008 - 05:23

Hi Syed,

In step 3: the authoritative DNS for "" is configured with a delegation for the subdomain Hence the DNS just forwards the request to the GSS. This is the recursive mode of operation.

Your traffic flow assumes that DNS is working in iterative mode. In that case the GSS requires a public IP. If it works in recursive mode, a private IP should work.

Have you done any implementations???

And there is a link between the two locations. If we use a private IP, the GSS synchronisation can happen through this link and doesn't need to go through the internet.



Syed Iftekhar Ahmed Tue, 07/15/2008 - 09:23

Your assumption is not correct.

The DNS request is recursive from the client's perspective only, i.e. when the client hits its local DNS server, it's a recursive query. (Hence the local DNS server will respond back with the final answer.)

The local DNS server of the client then uses iterative requests on behalf of the client.

"Source address lists" in the GSS rules represent the client's D-proxy. Using these, you can make rules to serve A records close to the source DNS (the logic of taking people in Asia to the data center in Asia and people in the US to the US data center). If the domain's authoritative DNS server were the GSS client, then you couldn't achieve that.

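The two flows debated in this thread, modelled as an added example that is not part of the original posts: it shows which resolver must be able to reach the GSS address and which source IP the GSS's source address lists see in each mode ("forward" is the relay flow the original poster assumed). All addresses, the rule table and the function names are constructed placeholders, not GSS configuration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed topology: every address below is a placeholder.
AUTH_NS_INSIDE = "10.0.0.53"   # parent zone's authoritative DNS, inside interface
GSS_RULES = [                  # (source address list, A record returned)
    ("203.0.113.0/24", "192.0.2.10"),   # D-proxies of region A -> site A
    ("0.0.0.0/0", "192.0.2.20"),        # any other source -> site B
]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def reachable(src, dst):
    """An RFC 1918 destination is only routable from inside the private network."""
    return is_rfc1918(src) or not is_rfc1918(dst)

def gss_answer(source_ip):
    """First matching source address list wins, like an ordered rule set."""
    addr = ipaddress.ip_address(source_ip)
    for net, answer in GSS_RULES:
        if addr in ipaddress.ip_network(net):
            return answer

def resolve(dproxy_ip, gss_ip, mode):
    """Return (A record, source IP seen by the GSS), or (None, None) if unreachable."""
    if mode == "iterative":     # referral: the D-proxy queries the GSS itself
        querier = dproxy_ip
    elif mode == "forward":     # parent DNS relays the query to the GSS
        querier = AUTH_NS_INSIDE
    else:
        raise ValueError(mode)
    if not reachable(querier, gss_ip):
        return None, None
    return gss_answer(querier), querier

if __name__ == "__main__":
    for dproxy, gss, mode in [
        ("203.0.113.10", "198.51.100.5", "iterative"),  # public GSS IP
        ("203.0.113.10", "10.0.0.5", "iterative"),      # private GSS IP, outside D-proxy
        ("10.1.1.10", "10.0.0.5", "iterative"),         # everything inside
        ("203.0.113.10", "10.0.0.5", "forward"),        # relay hides the D-proxy
    ]:
        print(f"{mode:9} dproxy={dproxy:13} gss={gss:13} ->", resolve(dproxy, gss, mode))
```

In the relay case the GSS only ever sees the parent DNS server's address, so every query falls through to the catch-all rule regardless of where the client's resolver sits.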

sanjumathen Sun, 07/20/2008 - 00:53

Thanks a lot, Iftekhar,

We tested it in iterative mode. It's working fine, as you said.

We are planning to test with both the interfaces.

One interface will have a public IP and the other will have a private IP.

Is it possible to assign a private IP to the second interface? Why won't it accept the IP?

Is the second interface a standby interface?



Syed Iftekhar Ahmed Sun, 07/20/2008 - 11:16

You cannot enter interface commands while the GSS software is running. Enter the gss stop command to stop the GSS software before executing any interface-level command.

Both interfaces can be active at a time. You can configure these interfaces such that the GSS uses one interface for inter-GSS management traffic and the other interface for keepalive traffic. This can be done using the "gss-communication" and "gss-tcp-keepalive" interface-level commands.

Syed Iftekhar Ahmed

