Cisco Support Community
Community Member

GSLB - DNS response from the wrong interface

Our Intranet includes two datacenters with a CSS at each datacenter. Each CSS has a circuit to the LAN at that datacenter as well as a circuit to the CSS at the other datacenter via ATM. The problem we are having is with sites that are Global Server Load Balanced by the CSSs. Depending on where the client sits on the network and how the OSPF routing tables look, a client could send a DNS request to one interface on the CSS and get the response from the other interface. When this happens, the DNS response has a source IP of the second interface which looks like a spoof to the client.

I am wondering if anyone else has had this problem and what you have done to fix it. We are considering removing the ATM link between the two CSSs but it is nice to have. In my opinion, the CSS needs to be "fixed" to always source the DNS response with the IP address that it received the request on. In fact, the DNS RFC specifies that DNS servers must do this.

Any thoughts would be appreciated.

Thanks,

Norman Ackroyd

Web Infrastructure Specialist

na11@daimlerchrysler.com
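The symptom described in the post above can be confirmed from a packet capture by pairing each DNS response with its query and comparing the response's source address with the address the query was sent to. This is an added example, not part of the original thread or any Cisco code; the `Datagram` record, the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import struct
from typing import NamedTuple

class Datagram(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes  # raw DNS message carried in the UDP datagram

def dns_header(payload):
    """Return (transaction id, is_response) from the 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)  # QR bit set means response

def find_mismatched_responses(datagrams):
    """Report responses whose source differs from the address that was queried."""
    pending = {}   # (client ip, client port, txid) -> address the query went to
    findings = []  # (client ip, txid, queried address or None, responding address)
    for d in datagrams:
        try:
            txid, is_response = dns_header(d.payload)
        except ValueError:
            continue  # not a parsable DNS message
        if not is_response and d.dport == 53:
            pending[(d.src, d.sport, txid)] = d.dst
        elif is_response and d.sport == 53:
            key = (d.dst, d.dport, txid)
            queried = pending.get(key)
            if queried == d.src:
                del pending[key]  # answered from the queried address
            else:
                # Wrong source, or no matching query at all (queried is None).
                # The query stays pending, as it would in a real resolver.
                findings.append((d.dst, txid, queried, d.src))
    return findings

def msg(txid, response):
    """Constructed header-only DNS message (question section omitted)."""
    return struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, int(response), 0, 0)

# Constructed capture: 192.0.2.1 and 198.51.100.1 stand in for two interfaces of one CSS.
SAMPLE = [
    Datagram("203.0.113.10", 40001, "192.0.2.1", 53, msg(0x1A2B, False)),
    Datagram("192.0.2.1", 53, "203.0.113.10", 40001, msg(0x1A2B, True)),
    Datagram("203.0.113.10", 40002, "192.0.2.1", 53, msg(0x3C4D, False)),
    Datagram("198.51.100.1", 53, "203.0.113.10", 40002, msg(0x3C4D, True)),
]
```

Each finding lists the client, the transaction ID, the address that was queried and the address that actually answered, which is the pair to compare against the CSS circuit addresses.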

2 REPLIES

Re: GSLB - DNS response from the wrong interface

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

Community Member

Re: GSLB - DNS response from the wrong interface

I think you're describing the default DNS balancing method of roundrobin. Our configurations did exactly the same thing until I added a "dnsbalance preferlocal" in the rules.

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_410/bsccfggd/owners.htm#22226

Hope I've understood the problem from your description.

Todd Roark

Sr. Network Engineer

Kinder Morgan Inc.
