[f-nsp] ServerIronXL 16 or 24 port questions..

Emilia Lambros emilial at hostworks.com.au
Mon Jun 28 08:24:15 EDT 2004 

Ours is pretty much the same except for having no real servers for DNS and a separate virtual for the actual website and also:

gslb policy
 metric-order set health-check preference capacity round-trip-time geographic num-session flashback
 preference
 dns ttl 5
 dns active-only
 dns best-only
 dns override                                                     
 dns cache-proxy
 protocol status-interval 2


what do your round trip commands do in the policy?  I could look it up myself but I'm incredibly lazy :)

Em




-----Original Message-----
From: Bjørn Mork [mailto:bjorn at mork.no] 
Sent: Monday, 28 June 2004 9:14 PM
To: Emilia Lambros
Cc: Michael Bellears; foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] ServerIronXL 16 or 24 port questions..

"Emilia Lambros" <emilial at hostworks.com.au> writes:

> Also with DNS, you're correct - it does only respond to A records so 
> if you want anything more from it, you will need the SLB to sit in 
> front of name servers.  In our case, we only required A records with a 
> very low ttl, so the SLB doing the job was perfect.

That's what we wanted too.

The problem is that you can't control which questions it gets.  Lots of clients will ask for AAAA records nowadays.  A regular DNS server will immediately return NXDOMAIN when no AAAA records are defined, but the ServerIron didn't even when running as a standalone DNS server.  It just dropped the AAAA requests, causing long delays for these clients before they eventually timed out and fell back to asking for an A record. 

Therefore, you do want to run a real DNS server behind it even if you are just serving A records.  The real DNS server will generate the proper NXDOMAIN anwsers

Now, I should of course add a disclaimer: This was the observed behaviour the way we configured it.  We might have forgotten some crucial part.  Here are the relevant parts of the config before adding a real DNS server in case anyone wants to verify it:


server virtual vs 148.x.x.69
 predictor round-robin
 port http
 port dns
 bind http real1 http real2 http real3 http real4 http

gslb policy
 round-trip-time tolerance 0
 round-trip-time cache-prefix 16
 round-trip-time cache-interval 1800
 dns ttl 60
 dns override
 dns cache-proxy

gslb site Site1
 si serveriron1 148.x.x.67
gslb site Site2
 si serveriron2 217.x.x.3

gslb dns zone glsb.example.com
 host-info null-host http
 host-info null-host ip-list 148.x.x.69 217.x.x.4



Bjørn

More information about the foundry-nsp mailing list