GSS (vs) Cached DNS responses

Answered Question
Nov 15th, 2008

I am trying to understand the GSS product and how it provides 'immediate' redundancy across multiple data center(s).

So let's assume that the GSS (with CNR installed) has been deployed and functions as the authoritative server for the domain (www.test.com). The goal is to provide an active/standby type configuration between two data centers.

If a client tries to access the page (www.test.com), the GSS replies with the address of a server (e.g. 1.1.1.1) residing in Data Center (a). However, let's assume that after the response from the GSS is sent to the client, and while the client is trying to connect to www.test.com using IP address 1.1.1.1, Data Center (a) becomes unavailable. How will this connection get redirected to Data Center (b)'s IP address 2.2.2.2?

All subsequent requests from the client will be done using the 'DNS cache', so the GSS does not come into the picture since the client already knows the IP address of www.test.com (1.1.1.1).

Is this how it works or am I missing something here?

Thanks in advance for the response.

Correct Answer
Syed Iftekhar Ahmed Mon, 11/17/2008 - 00:46

Syed

There are a few things you should keep in mind.

The user workstation is not the real client for GSS. It's primarily the client's DNS server.

With respect to caching you are very correct that GSS (for that matter any DNS based GSLB method) is prone to DNS caching issues.

There are various points in the network that store/cache DNS information.

1. Client's DNS Servers

2. Client PC's OS

3. Browser on Client's PC

To mitigate the client DNS server issue you need to configure the A record served by GSS with a smaller TTL value. This "A-record TTL value" dictates how long a DNS server can cache a DNS record. So for example, if you set the A-record TTL value to 5 minutes then the worst outage of service you will get will be 5 minutes (as the client's DNS server will only cache it for 5 minutes, and at the 6th minute the client's DNS server will contact GSS again and will get the active VIP as the answer).

If you are using newer IE versions (6.x+) then you are in a better situation, as these IEs try to resolve again if the web access to the IP in the DNS cache fails and hence will get the active IP on GSS. With pre-6.x versions the problem is severe, as not only is this feature missing but the DNS caching time is also from 30 mins to 24 hours.

With Firefox (last time I checked) this DNS cache timeout is 15 minutes (so in the worst-case scenario the service outage will be 15 minutes).

Using Google you can get lots of tools to disable DNS caching on browsers. I know this is not a cool solution, but it can be done.

In a nutshell, yes, GSLB has issues with DNS caching, but it still gives you a solution which can move clients to a different data center (after the DNS cache timeout).

Syed Iftekhar Ahmed
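The failover bound described in the answer above (worst-case outage roughly equals the A-record TTL, and a resolver that refuses to honor a small TTL stretches it) can be checked with a small simulation. This is an added example, not code from the thread or from Cisco GSS: it models the GSS as an authoritative server that answers with the first healthy VIP, a single caching layer (enterprise resolver, OS, or browser) in front of it, and a client that retries every second. The names `AuthoritativeGSLB`, `CachingResolver`, `simulate_outage`, the `min_ttl` clamp and the VIPs 1.1.1.1 / 2.2.2.2 are constructed for the illustration.

```python
"""Simulate DNS-based GSLB failover bounded by A-record TTL (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class AuthoritativeGSLB:
    """Stand-in for the GSS: answers with the first VIP it believes is healthy."""
    vips: list                      # preference order, e.g. ["1.1.1.1", "2.2.2.2"]
    ttl: int                        # A-record TTL in seconds (the thread says GSS defaults to 20)
    healthy: dict = field(default_factory=dict)

    def resolve(self, name):
        """Return (vip, ttl); vip is None if every data center is down."""
        for vip in self.vips:
            if self.healthy.get(vip, True):
                return vip, self.ttl
        return None, self.ttl


@dataclass
class CachingResolver:
    """One caching layer between the client and the GSS.

    min_ttl models resolvers/OS/browsers that clamp short TTLs upward;
    0 means the TTL sent by the authoritative server is honored as-is.
    """
    upstream: AuthoritativeGSLB
    min_ttl: int = 0
    cache: dict = field(default_factory=dict)   # name -> (ip, expiry_time)

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0]                      # served from cache, GSS not consulted
        ip, ttl = self.upstream.resolve(name)
        self.cache[name] = (ip, now + max(ttl, self.min_ttl))
        return ip


def simulate_outage(ttl, fail_at, min_ttl=0, horizon=3600):
    """Client resolves www.test.com at t=0 and retries once per second.

    Data Center (a) (1.1.1.1) dies at t=fail_at.  Returns a pair:
    (seconds the client was still handed the dead VIP,
     time at which it first received the surviving VIP 2.2.2.2).
    """
    gss = AuthoritativeGSLB(["1.1.1.1", "2.2.2.2"], ttl)
    resolver = CachingResolver(gss, min_ttl)
    dead_seconds = 0
    failover_at = None
    for t in range(horizon):
        if t == fail_at:
            gss.healthy["1.1.1.1"] = False       # GSS health check marks DC (a) down
        ip = resolver.resolve("www.test.com", t)
        if t >= fail_at:
            if ip == "1.1.1.1":
                dead_seconds += 1                # stale cached answer, connection fails
            elif failover_at is None:
                failover_at = t                  # cache expired, GSS answered with DC (b)
                break
    return dead_seconds, failover_at


if __name__ == "__main__":
    # Failure one second after the record is cached is the worst case.
    print("TTL 300s, honored:   ", simulate_outage(300, 1))
    print("TTL 20s, honored:    ", simulate_outage(20, 1))
    print("TTL 20s, clamped 300:", simulate_outage(20, 1, min_ttl=300))
    print("TTL 0s, honored:     ", simulate_outage(0, 1))
```

The three honored cases show the outage tracking the TTL the GSS sends; the clamped case shows why a 20-second TTL buys nothing when an intermediate cache enforces its own floor, which is the practical reason to measure the TTL clients actually see (for example with `dig +noall +answer www.test.com` against both the GSS and the client's recursive resolver) rather than trusting the configured value.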

smhussain Mon, 11/17/2008 - 05:07

Thanks for the response Iftekhar.

I am assuming the TTL value of the A record can be modified directly on the GSS for a domain that the GSS is answering for?

Thanks again!

Syed

Correct Answer
Syed Iftekhar Ahmed Mon, 11/17/2008 - 11:32

You are right.

If you do not configure the TTL value then 20 sec (default) is used.

Some of my previous GSS customers wondered why Cisco kept it at 20 sec and why not 0 sec (to make it non-cacheable). I think the reason is that a majority of DNS implementations do not honor 0 as a TTL.

More details on how to change it (Using CLI) at

http://www.ciscosystems.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v2.0/configuration/cli/gslb/guide/DNSRules.html#wp1196561

Using GUI

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v3.0/configuration/gui/gslb/guide/DNSRules.html#wp1055680

HTH

Syed Iftekhar Ahmed

smhussain Mon, 11/17/2008 - 11:35

Nice.

That explains everything.

Thanks again for the prompt response.

Syed
