CSS 11500 GSLB for http/https best setup

scott-goodwin

Hi Guys,

I am currently trying to set up GSLB between two CSS11501 running the advanced feature set.

One is to be housed in one geographical location, the other in our DR site.

I am wanting to use round-robin DNS to load balance between both sites and also need to configure DNS sticky.

Do I simply need to configure as follows? Also, how can I use both http and https keepalives, as I can only add dns to one rule?

Predicted config

CSS-1

app

app session 192.168.5.1

dns-server

dns-server zone 0 tier1 "dc1"

dns-record a www.somesite.co.uk [Vip_address] single-ap 192.168.4.1 60 sticky-enabled

service web1

ip address 192.168.1.1

keepalive type http

active

owner GSLB

content web

add dns www.somedomain.co.uk

add service web1

add service web2

CSS-1

app session 192.168.4.1

dns-server

dns-server zone 0 tier1 "dc1"

dns-record a www.somesite.co.uk [Vip_address] single-ap 192.168.5.1 60 sticky-enabled

service web1

ip address 192.168.2.1

keepalive type http

active

owner GSLB

content web

add dns www.somedomain.co.uk

add service web1

add service web2

Is this the best way to set this up?

Thanks in advance

Scott


scott-goodwin

The second should read CSS-2

dns-server zone 1 tier1 "dc2"

Scott

Scott,

You're mixing 2 types of config.

There are 2 ways to achieve GSLB with the CSS.

One is called zone-based and the other one is called content-based.

From the name you can guess that the content-based solution is configured with the command 'add dns' under the content rule, while the zone-based solution is configured using a zone and a dns record.

You are doing both and this could be a problem.

So, you should go for one or the other.

I would recommend the zone-based.

Also, if you want to have both http and https keepalives for the same service, you don't have much choice but to use a keepalive script.

Finally, we now recommend not to use GSLB on the CSS but instead to deploy a GSS, which offers more features for all DNS-related questions.

Gilles.

Hi Gilles,

I am now trying to deploy zone-based; however, when I interactively log in to the CSS the dns-server doesn't respond at all.

I have stripped the config back but still I get nothing?

CSS-1

dns-record a www.blu-fox.co.uk 80.86.36.1

dns-server

When I try the zone stuff it's exactly the same, hence I am just trying to get one working for DNS to start with. I just keep seeing errors in sh dns-server stats?

Cheers

Scott

Hi Gilles,

I have tried resolving things locally that I have entered A records for and I get no response.

I have set primary dns to itself.

Entered A records and tried NS records, however the CSS just won't resolve DNS?

I set up content rule based GSLB and that worked fine.

Cheers

Scott

Scott,

For zone-based, you need a zone, an A-record and the dns-server command.

If you get no response, capture a 'show dns-record keepalive' and make sure everything is up.

Gilles.
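
Added example (not from the thread or from Cisco): a small Python check for the two points made in Gilles' replies above, that a CSS config should use either zone-based or content-based GSLB and not both, and that zone-based needs a zone, an A-record and the dns-server command. The function name and sample configs are constructed for illustration, and the line matching assumes the command forms shown in this thread.

```python
import re

# Constructed samples (documentation names and addresses, not taken from the thread).
MIXED = """\
dns-server
dns-server zone 0 tier1 "dc1"
dns-record a www.example.test 192.0.2.10 60 sticky-enabled
owner GSLB
  content web
    add dns www.example.test
    add service web1
"""
NO_ZONE = """\
dns-record a www.example.test 192.0.2.10
dns-server
"""
ZONE_OK = """\
!*** GLOBAL ***
dns-server zone 0 tier1 "dc1"
dns-server
dns-record a www.example.test 192.0.2.10 15 single kal-icmp 192.0.2.10 254
"""

def audit_gslb(config):
    """Return (mode, findings) for a CSS running-config given as text."""
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]  # drop banners
    has_server = "dns-server" in lines  # the bare command on its own line
    has_zone = any(re.match(r"dns-server zone \d+\b", ln) for ln in lines)
    a_records = [ln.split()[2] for ln in lines if re.match(r"dns-record a \S+", ln)]
    rule_names = [ln.split()[2] for ln in lines if re.match(r"add dns \S+", ln)]
    zone_based = has_zone or bool(a_records)
    content_based = bool(rule_names)
    findings = []
    if zone_based and content_based:
        findings.append("zone-based and content-based GSLB are both configured")
    if zone_based:
        # The three pieces named in the thread for zone-based GSLB.
        required = {"dns-server zone": has_zone, "dns-record a": bool(a_records),
                    "dns-server": has_server}
        findings += [f"missing '{cmd}'" for cmd, ok in required.items() if not ok]
    mode = ("mixed" if zone_based and content_based else "zone" if zone_based
            else "content" if content_based else "none")
    return mode, findings
```
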

Hi Gilles,

I now have it working of sorts, however I couldn't get the kal-ap keepalive to work?

I was specifying the IP of the outside NIC on the CSS?

Current configs as follows:

CSS-1# sh run

!Generated on 06/07/2006 07:35:56

!Active version: sg0810107s

configure

!*************************** GLOBAL ***************************

kal-none

dns-server zone 0 tier1 "dc1"

dns-server

dns-record a www.blu-fox.co.uk 80.86.36.1 15 single kal-icmp 80.86.36.1 254 st

app session 192.168.66.2

app

dns primary 192.168.64.2

host dc1 192.168.64.2

host dc2 192.168.66.2

ip route 0.0.0.0 0.0.0.0 192.168.64.1 1

!************************* INTERFACE *************************

interface e1

phy 100Mbits-FD

bridge vlan 10

interface e2

phy 100Mbits-FD

bridge vlan 20

interface e5

bridge vlan 20

interface e6

bridge vlan 20

!************************** CIRCUIT **************************

circuit VLAN10

ip address 192.168.64.2 255.255.255.0

circuit VLAN20

ip address 192.168.65.1 255.255.255.0

!************************** SERVICE **************************

service web1

ip address 192.168.65.10

keepalive type http

keepalive uri "/"

active

service web2

port 80

ip address 192.168.65.20

keepalive type http

keepalive uri "/"

active

!*************************** OWNER ***************************

owner GSLB

content http-vip

add service web1

add service web2

advanced-balance sticky-srcip

vip address 80.86.36.1

active

CSS-2

CSS-2# sh run

!Generated on 06/07/2006 07:37:26

!Active version: sg0810107s

configure

!*************************** GLOBAL ***************************

dns-server zone 1 tier1 "dc2"

dns-server

dns-record a www.blu-fox.co.uk 80.86.36.17 15 single kal-icmp 80.86.36.17 254

sticky-enabled

app

app session 192.168.64.2

host dc1 192.168.64.2

host dc2 192.168.66.2

ftp-record DEFAULT_FTP 80.86.32.86 test des-password 5c6cydtgecxchbkg /

ip route 0.0.0.0 0.0.0.0 192.168.66.1 1

!************************* INTERFACE *************************

interface e1

bridge vlan 10

phy 100Mbits-FD

interface e2

bridge vlan 20

phy 100Mbits-FD

interface e5

bridge vlan 20

interface e6

bridge vlan 20

!************************** CIRCUIT **************************

circuit VLAN10

ip address 192.168.66.2 255.255.255.0

circuit VLAN20

ip address 192.168.67.1 255.255.255.0

!************************** SERVICE **************************

service web1

ip address 192.168.67.10

active

service web2

ip address 192.168.67.20

active

!*************************** OWNER ***************************

owner GSLB

content http-vip

add service web1

add service web2

advanced-balance sticky-srcip

vip address 80.86.36.17

Does the above config do the same thing? Instead of using the kal-ap I am simply polling the VIP service IP?

Cheers

Scott

Yes, this is more or less equivalent.

The keepalive type kal-ap requires a tag to be associated with a content rule.

There is kal-ap-vip, which works by looking for the VIP corresponding to the DNS IP address.

If you have more than one VIP and want to select a specific one, this is when you use kal-ap.

The tag is actually configured with the command 'add dns ' under the content rule.

This is explained in the following config guide:

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080577cef.html#wp1119543

[look for kal-ap].

Gilles.
