5. GSS will send the ip add of www.abc.com (which should be configured on ACE as VIP).
6. "Client's DNS server" will handover this VIP to client
7. Client will hit the VIP configured on ACE (for application www.abc.com).
Syed iftekhar Ahmed
My doubt is about steps 3 and 4.
In our scenario, we had done delegation of a subdomin to the GSS. Hence the DNS has two NS entries for the same subdomain.
and when a reuest comes from the Client to the DNS, the DNS does not reply back with the GSS ip address. IT inturn does a recursive lookup with the GSS, The GSSS returns the IP of the server to the DNS which inturn forwrds to the client. hence the client never sees the GSS.
WE had done a staggibg activity to test the effectiveness of this, and it was working fine.
Do you see any drawbacks in this recursive mode of operation when compared to your iterative mode.
If you carefully read the steps then you will see that I am saying the same thing.
In step 4 it's "client's DNS server" that is querying the GSS (Not the client) and in step 6 "client's DNS server" is providing the A-record (answer) to the the client. Hence client itself will never hit/Query the GSS directly.
DNS request is recursive from client's perspective only,i.e. when client hits its local DNS server its a recursive query.(Hence Local DNS server will respond back with the final answer).
Local DNS Server of the client then use iterative requests on behalf of client.
It looks as if you are mixing up the iterative & Recursive concept. Please see the following link.
gss01.abc.com. IN A 220.127.116.11 <-- A record for GSS01
gss02.abc.com. IN A 18.104.22.168 <-- A record for GSS02
When "Client DNS Server" request A-record for "www.abc.com" then since primary DNS server has an NS record for www.abc.com, it should only hand over the NS record to "client's DNS Server". So the client's DNS server should contact the GSS to get the final answer.
Proximity/Sticky logic wont make any sense if "DNS server authoritative" for domain is the only GSS client.
In our scenario the Auth DNS is authoritative for abc.com. There is no change in that. the cusotmer wants only s subdomain like xyz.abc.com to be delegated to the GSS.Hence we have created a delegationa and assigend GSS as the NS for xyz.abc.com,
Hence any request for xyz is sent to GSS and the DNS still remains the autoritative for any other requests to abc.com
So what the client DNS sees isthe auth DNS and not the GSS.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...