Configure the NetScaler appliance as a forwarder

A forwarder is a server that forwards DNS queries to DNS servers that are outside the forwarder server’s network. Queries that cannot be resolved locally are forwarded to other DNS servers. A forwarder accumulates external DNS information in its cache as it resolves DNS queries. To configure the NetScaler appliance as a forwarder, you must add an external name server.

The NetScaler appliance allows you to add external name servers to which it can forward the name resolution queries that cannot be resolved locally. To configure the NetScaler appliance as a forwarder, you must add the name servers to which it must forward name resolution queries. You can also set the lookup priority to specify which name service the NetScaler appliance must use for name resolution.

For information on how to configure the NetScaler appliance as a forwarder, see Add a name server (when the NetScaler appliance acts as a forwarder) by using the CLI.

Note:

The NetScaler appliance in forwarder mode supports TCP, UDP, and UDP-TCP name servers.

  • If you have configured a TCP name server, then the NetScaler appliance sends the DNS request over TCP.
  • If you have configured a UDP name server, then the NetScaler appliance sends the DNS request over UDP.
  • If you have configured a UDP-TCP name server, then the NetScaler appliance sends the DNS request over UDP. However, if the truncated bit is set in the DNS response, the appliance sends such DNS requests over TCP.
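
The transport choice described in this note, as an added Python sketch (not NetScaler code and not part of the original page): it reads the truncated (TC) bit from the DNS header and retries the same query over TCP with the 2-byte length prefix that DNS over TCP requires. The function names, the fake upstream servers and the 192.0.2.50 answer are assumptions constructed for the example.

```python
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the DNS header flags word, RFC 1035 4.1.1

def build_query(qname, txid, qtype=1):
    """Minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True when the TC bit is set in the 12-byte DNS header."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    return bool(struct.unpack("!H", message[2:4])[0] & TC_FLAG)

def tcp_frame(message):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(message)) + message

def forward(query, ns_type, send_udp, send_tcp):
    """Return (response, transports used) for a UDP, TCP or UDP_TCP name server."""
    if ns_type == "TCP":
        return send_tcp(tcp_frame(query)), ["TCP"]
    response = send_udp(query)
    if response[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    if ns_type == "UDP_TCP" and is_truncated(response):
        return send_tcp(tcp_frame(query)), ["UDP", "TCP"]  # retry the same query
    return response, ["UDP"]  # in this model a UDP name server has no TCP path

# Constructed stand-ins for an upstream name server; nothing is sent on the network.
def fake_udp(query):
    # Same ID and question, flags QR|TC|RD|RA, no answers: a truncated reply.
    return query[:2] + struct.pack("!H", 0x8380) + query[4:]

def fake_tcp(framed):
    # Returns the bare message; a real TCP reply also carries the length prefix.
    (length,) = struct.unpack("!H", framed[:2])
    query = framed[2:2 + length]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 50])
    return query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + query[12:] + answer

if __name__ == "__main__":
    q = build_query("example.com", 0x1234)
    for ns_type in ("UDP", "TCP", "UDP_TCP"):
        response, used = forward(q, ns_type, fake_udp, fake_tcp)
        print(ns_type, used, "truncated" if is_truncated(response) else "complete")
```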

Add a name server

You can create a name server by specifying its IP address or by configuring an existing virtual server as the name server.

  • IP address-based name server - An external name server to contact for domain name resolution. If multiple IP address-based name servers are configured on the appliance, and the local parameter is not set on any of them, incoming DNS queries are load balanced across all the name servers, in round robin fashion.
  • Virtual server-based name server - A DNS virtual server configured in the NetScaler. For more fine-grained control on how external DNS name servers are load balanced (for example, you want a load balancing method other than round robin), do the following:
      • Configure a DNS virtual server on the appliance.
      • Bind the external name servers as its services.
      • Specify the name of the virtual server in this command.

To verify the configuration, you can use the show dns nameServer command.

To remove a name server, at the NetScaler CLI, type the rm dns nameServer command followed by the IP address of the name server.

To view the details of the DNS nameserver, at the NetScaler CLI, type the show dns nameServer command followed by the IP address of the name server.

Add a name server (when the NetScaler appliance acts as a forwarder) by using the CLI

At the command prompt, type:

add dns nameServer ((<IP>) | <dnsVserverName>)

Or

add dns nameServer (<IP> | <dnsVserverName>) [-type <type>]

Examples:

add dns nameServer dnsVirtualNS

add dns nameServer 192.0.2.11 -type TCP

add dns nameServer 192.0.2.12 -type UDP_TCP


add dns nameServer 192.0.2.10
show dns nameServer 192.0.2.10

1) 192.0.2.10  -  State: UP  Protocol: UDP
Done

Note:

If the name server type is not specified, a UDP name server is created by default. To create a name server of type TCP or UDP_TCP, you must specify the type.

When you specify the type as UDP_TCP, two name servers (one UDP name server and one TCP name server) are created for the given IP address.

Add a name server (when the NetScaler appliance acts as a resolver) by using the CLI

Specify the local parameter for a recursive resolver. Enable recursion using the set dns parameter command.

At the command prompt, type:

add dns nameServer ((<IP> [-local]) | <dnsVserverName>)
show dns nameServer
set dns parameter -recursion ENABLED  
show dns parameter

Example:

add dns nameServer 10.102.9.19 -local
show dns nameServer
1)  10.102.9.19 LOCAL -  State: UP  Protocol: UDP
Done
set dns parameter -recursion ENABLED
Done
show dns parameter
        DNS parameters:
            .
            .
            .
        Recursive Resolution : ENABLED
            .
            .
            .
Done

Local - Mark the IP address as one that belongs to a local recursive DNS server on the NetScaler appliance. The appliance recursively resolves queries received on an IP address that is marked as being local. For recursive resolution to work, the global DNS parameter, recursion, must also be set. If no name server is marked as being local, the appliance functions as a stub resolver and load balances the name servers.

Add a name server by using the GUI

Navigate to Traffic Management > DNS > Name Servers and create a name server.

Set DNS lookup priority

You can set the lookup priority to either DNS or WINS. This option is used in the SSL VPN mode of operation.

Set the lookup priority to DNS by using the CLI

At the command prompt, type the following commands to set the lookup priority to DNS and verify the configuration:

set dns parameter -nameLookupPriority (DNS | WINS)
show dns parameter

Example:

> set dns parameter -nameLookupPriority DNS
 Done
> show dns parameter
            .
            .
            .
        Name lookup priority : DNS
            .
            .
            .
 Done

Set lookup priority to DNS by using the GUI

  1. Navigate to Traffic Management > DNS.
  2. In the details pane, under Settings, click Change DNS settings.
  3. In the Configure DNS Parameters dialog box, under Name Lookup Priority, select DNS or WINS, and then click OK.

Note:

If the DNS virtual server that you have configured is DOWN and if you set the -nameLookupPriority to DNS, the NetScaler does not attempt WINS lookup. Therefore, if a DNS virtual server is not configured or is disabled, set the -nameLookupPriority to WINS.

Disable and enable name servers

The following procedure describes the steps to enable or disable an existing name server.

Enable or disable a name server by using the CLI

At the command prompt, type the following commands to enable or disable a name server and verify the configuration:

(enable | disable) dns nameServer <IPAddress>
show dns nameServer <IPAddress>

Example:

> disable dns nameServer 10.102.9.19
 Done
> show dns nameServer 10.102.9.19
1)       10.102.9.19: LOCAL  -  State: OUT OF SERVICE
 Done

Enable or disable a name server by using the GUI

  1. Navigate to Traffic Management > DNS > Name Servers.
  2. In the details pane, select the name server that you want to enable or disable.
  3. Click Enable or Disable. If a name server is enabled, the Disable option is available. If a name server is disabled, the Enable option is available.
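
To review many name servers at once, the show dns nameServer output can be checked with a script. The following is an added Python example, not part of the original page or of NetScaler: it parses the three line shapes shown in this page's samples and reports name servers that are not UP and addresses that have only a UDP name server. The sample text is constructed, and its two lines for 192.0.2.12 are an assumption based on the statement above that UDP_TCP creates two name servers.

```python
import re
from collections import defaultdict

# Matches the three line shapes shown in this page's `show dns nameServer` samples.
LINE = re.compile(
    r"^\s*\d+\)\s+(?P<name>\S+?):?\s+(?P<local>LOCAL\s+)?-\s+"
    r"State:\s+(?P<state>.+?)(?:\s+Protocol:\s+(?P<proto>\S+))?\s*$"
)

def parse(output):
    """Turn `show dns nameServer` text into one record per listed name server."""
    records = []
    for line in output.splitlines():
        m = LINE.match(line)
        if m:  # skips prompts, blank lines and the trailing "Done"
            records.append({
                "name": m["name"], "local": bool(m["local"]),
                "state": m["state"], "proto": m["proto"],
            })
    return records

def audit(records):
    """Report name servers that are not UP and addresses configured for UDP only."""
    findings, protos = [], defaultdict(set)
    for r in records:
        if r["state"] != "UP":
            findings.append(f"{r['name']}: state is {r['state']}")
        if r["proto"]:
            protos[r["name"]].add(r["proto"])
    for name, seen in protos.items():
        if seen == {"UDP"}:
            findings.append(f"{name}: UDP only, no TCP name server configured")
    return findings

# Constructed sample modelled on this page's output lines (not captured output).
SAMPLE = """\
1) 192.0.2.10  -  State: UP  Protocol: UDP
2) 192.0.2.12  -  State: UP  Protocol: UDP
3) 192.0.2.12  -  State: UP  Protocol: TCP
4)       10.102.9.19: LOCAL  -  State: OUT OF SERVICE
Done
"""

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```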