08-26-2008 01:44 AM
Hi Iftekhar,
Found the following traffic flow in one of your responses to a query for integrating DNS with GSS.
!!!!!!!!!!!!!!!!!
Typical flow is as follows
1. Client will hit their DNS servers (configured on their machines as primary/backup dns server).
2. "Client's DNS server" will query "DNS server authoritative for abc.com" for www.abc.com.
3. "DNS server authoritative for abc.com" will ask "client's DNS server" to query "GSS - Authoritative for www.abc.com"
4. "Client's DNS server" will query GSS for www.abc.com.
5. GSS will send the ip add of www.abc.com (which should be configured on ACE as VIP).
6. "Client's DNS server" will hand over this VIP to client.
7. Client will hit the VIP configured on ACE (for application www.abc.com).
Syed Iftekhar Ahmed
!!!!!!!!!!!!!!!!
My doubt is about steps 3 and 4.
In our scenario, we had done delegation of a subdomain to the GSS. Hence the DNS has two NS entries for the same subdomain.
And when a request comes from the client to the DNS, the DNS does not reply back with the GSS IP address. It in turn does a recursive lookup with the GSS. The GSS returns the IP of the server to the DNS, which in turn forwards it to the client. Hence the client never sees the GSS.
We had done a staging activity to test the effectiveness of this, and it was working fine.
Do you see any drawbacks in this recursive mode of operation when compared to your iterative mode?
Please advise.
rgds
Sanju
08-26-2008 08:51 AM
Sanju
If you carefully read the steps then you will see that I am saying the same thing.
In step 4 it's "client's DNS server" that is querying the GSS (not the client) and in step 6 "client's DNS server" is providing the A-record (answer) to the client. Hence the client itself will never hit/query the GSS directly.
The DNS request is recursive from the client's perspective only, i.e. when the client hits its local DNS server it's a recursive query. (Hence the local DNS server will respond back with the final answer.)
The local DNS server of the client then uses iterative requests on behalf of the client.
It looks as if you are mixing up the iterative & Recursive concept. Please see the following link.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncc_dns_eqhi.mspx?mfr=true
to clear your confusion.
HTH
Syed Iftekhar Ahmed
08-26-2008 09:51 PM
Hi Syed,
Sorry, I didn't make myself clear there.
What I mean is, will the client DNS query the GSS?
In our scenario the client DNS is answered by the authoritative DNS itself for the domain and not by GSS.
Client ---> CL DNS ---> Auth DNS ---> GSS ---> Web Server
The request goes to the Auth DNS, which forwards it to the GSS; the GSS returns the A record to the Auth DNS, and the response goes from the Auth DNS to the client. Is this a valid behaviour?
Please advise.
08-26-2008 10:11 PM
The "DNS server authoritative for Domain" should have a NS record pointing towards the GSS.
For example, if the DNS server is authoritative for "abc.com" and you make GSS authoritative for "www.abc.com", then the primary DNS server should have the following records:
www.abc.com. IN NS gss01.abc.com. <-- NS record for http://www.abc.com via GSS01
www.abc.com. IN NS gss02.abc.com. <-- NS record for http://www.abc.com via GSS02
gss01.abc.com. IN A 1.1.1.1 <-- A record for GSS01
gss02.abc.com. IN A 2.2.2.2 <-- A record for GSS02
When "Client DNS Server" requests the A-record for "www.abc.com", then since the primary DNS server has an NS record for www.abc.com, it should only hand over the NS record to "client's DNS Server". So the client's DNS server should contact the GSS to get the final answer.
Proximity/Sticky logic won't make any sense if "DNS server authoritative" for domain is the only GSS client.
Syed Iftekhar Ahmed
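The two resolution paths discussed in this thread, as an added example that is not part of the original posts: a small offline model of why the GSS only gets useful proximity input when the client's DNS server follows the NS referral itself. The delegation records are the ones quoted above; `PARENT_IP`, the proximity table, the VIPs and the local DNS server addresses are constructed assumptions.

```python
import ipaddress

# Delegation records copied from the post above (parent zone abc.com).
DELEGATIONS = {"www.abc.com.": ["gss01.abc.com.", "gss02.abc.com."]}
GLUE = {"gss01.abc.com.": "1.1.1.1", "gss02.abc.com.": "2.2.2.2"}
PARENT_IP = "192.0.2.53"  # constructed address of the authoritative server

# Hypothetical GSS proximity table: network of the querying server -> ACE VIP.
GSS_PROXIMITY = [("198.51.100.0/24", "10.1.1.10"), ("203.0.113.0/24", "10.2.2.10")]
GSS_DEFAULT_VIP = "10.1.1.10"


def gss_answer(source_ip):
    """The GSS chooses a VIP from the source address of the DNS query it receives."""
    addr = ipaddress.ip_address(source_ip)
    for net, vip in GSS_PROXIMITY:
        if addr in ipaddress.ip_network(net):
            return vip
    return GSS_DEFAULT_VIP


def parent_referral(qname):
    """Return (ns_name, glue_ip) pairs if qname is at or below a delegation point."""
    for cut, servers in DELEGATIONS.items():
        if qname == cut or qname.endswith("." + cut):
            return [(ns, GLUE[ns]) for ns in servers]
    return []


def resolve(ldns_ip, qname, parent_forwards=False):
    """Resolve qname for a client whose local DNS server is ldns_ip.

    Returns (vip, source_ip_seen_by_gss), or (None, None) when the name is
    not delegated and the parent would answer from its own zone.
    """
    if not parent_referral(qname):
        return (None, None)
    # Referral path: the local DNS server queries the GSS directly.
    # Forwarding path: the parent queries the GSS and relays the answer.
    source = PARENT_IP if parent_forwards else ldns_ip
    return (gss_answer(source), source)


if __name__ == "__main__":
    for ldns in ("198.51.100.7", "203.0.113.7"):  # constructed local DNS servers
        print(ldns, "referral:", resolve(ldns, "www.abc.com."))
        print(ldns, "forwarded:", resolve(ldns, "www.abc.com.", parent_forwards=True))
```

With forwarding, every lookup reaches the GSS from `PARENT_IP`, so both local DNS servers receive the same VIP regardless of where they are.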
08-26-2008 11:10 PM
Hi Syed,
In our scenario the Auth DNS is authoritative for abc.com. There is no change in that. The customer wants only a subdomain like xyz.abc.com to be delegated to the GSS. Hence we have created a delegation and assigned GSS as the NS for xyz.abc.com.
Hence any request for xyz is sent to GSS and the DNS still remains the authoritative for any other requests to abc.com.
So what the client DNS sees is the Auth DNS and not the GSS.
rgds
Sanju
08-26-2008 11:38 PM
If GSS is responding to DNS requests for the subdomain and the primary DNS server is serving records for the parent domain, then it's the correct behaviour.
Syed Iftekhar Ahmed
08-26-2008 11:43 PM
Thanks a lot Syed... Was afraid whether it is correct or whether it is required to operate in iterative mode. Cheers mate