
Cache EDNS0 client subnet data when the NetScaler appliance is in proxy mode

In NetScaler Proxy mode, if a back-end server that supports EDNS0 Client Subnet (ECS) sends a response containing the ECS option, the NetScaler appliance does the following:

  • Forwards the response as-is to the client.
  • Stores the response in the cache, along with the client subnet information.

DNS requests that come from the same subnet for the same domain, and for which the server would send the same response, are then served from the cache.

Note:

  • ECS caching is disabled by default. Enable caching of EDNS0 client-subnet data in the associated DNS profile.
  • The number of subnets that you can cache for a domain is limited to the number of available subnet IDs, which is 1270 on the NetScaler appliance. Optionally, you can set the limit to a lower number (minimum value: 1 IPv4/IPv6).

Enable caching of ECS responses by using the CLI

At the command prompt, type:

set dns profile <dnsProfileName> -cacheECSResponses ( ENABLED | DISABLED )

Limit the number of subnets that can be cached per domain by using the CLI

At the command prompt, type:

set dns profile <dnsProfileName> -maxSubnetsPerDomain <positive_integer>

Example:

Figure: Cache ECS

In the example shown in the preceding figure, the client at IP address 2.2.2.2 sends a query for www.example.com to the DNS resolver. The DNS resolver sends the following response:

www.example.com IN A, IP is 2.2.2.11, and ECS 2.2.2.0/24/24

At this point, the response and the client-subnet identifier (2.2.2.0/24) are cached. Further requests from the same subnet and domain are served from the cache.

For example, if the client’s IP address is 2.2.2.100 and the query is for www.example.com, the query is served from the cache instead of being sent to the back-end server.
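The lookup described above can be modelled in a few lines. This is an added illustration, not NetScaler code: the class name EcsCache, its methods, and the client address 3.3.3.100 are constructed for the example, and refusing to cache new subnets once the per-domain limit is reached is an assumption, since the page does not say what the appliance does at that point.

```python
import ipaddress


class EcsCache:
    """Toy ECS-aware DNS cache; a model of the behaviour, not appliance code."""

    def __init__(self, max_subnets_per_domain=1270):
        # 1270 mirrors the subnet-ID limit stated on this page.
        self.max_subnets = max_subnets_per_domain
        self.entries = {}  # (qname, qtype) -> {ip_network: answer}

    def store(self, qname, qtype, answer, ecs_subnet):
        """Cache a back-end answer under the client subnet from its ECS option."""
        net = ipaddress.ip_network(ecs_subnet, strict=False)
        subnets = self.entries.setdefault((qname.lower(), qtype), {})
        if net not in subnets and len(subnets) >= self.max_subnets:
            # Assumption: once the per-domain limit is hit, new subnets are
            # simply not cached. The page does not say what the appliance does.
            return False
        subnets[net] = answer
        return True

    def lookup(self, qname, qtype, client_ip):
        """Return the cached answer for the client's subnet, or None on a miss."""
        addr = ipaddress.ip_address(client_ip)
        best = None
        for net, answer in self.entries.get((qname.lower(), qtype), {}).items():
            if addr.version == net.version and addr in net:
                # Prefer the most specific cached subnet.
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, answer)
        return best[1] if best else None


def demo():
    """Replay the page's example; addresses other than 2.2.2.x are constructed."""
    cache = EcsCache(max_subnets_per_domain=2)
    cache.store("www.example.com", "A", "2.2.2.11", "2.2.2.0/24")
    return {
        "2.2.2.100": cache.lookup("www.example.com", "A", "2.2.2.100"),
        "3.3.3.100": cache.lookup("www.example.com", "A", "3.3.3.100"),
    }


if __name__ == "__main__":
    for client, answer in demo().items():
        print(client, "->", answer or "MISS (forward to back-end server)")
```

A client outside 2.2.2.0/24 misses the cache, so its query still goes to the back-end server, and each distinct subnet that is cached consumes one of the per-domain entries that -maxSubnetsPerDomain caps.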
