
Configure negative caching of DNS records

The Citrix ADC appliance supports caching of negative responses for a domain. A negative response indicates that information about a requested domain does not exist, or that the server cannot provide an answer for the query. The storage of this information is called negative caching. Negative caching helps speed up responses to queries about a domain.

Note:

Negative caching is supported only when the back-end server is configured as an authoritative DNS (ADNS) server for the queried domain.

A negative response can be one of the following:

  • NXDOMAIN error message—If a negative response is present in the local cache, the Citrix ADC returns an error message (NXDOMAIN). If the response is not in the local cache, the query is forwarded to the server, and the server returns an NXDOMAIN error to the Citrix ADC appliance. The appliance caches the response locally, then returns the error message to the client.
  • NODATA error message—If the domain name in the query is valid but records of the given type are not available, the appliance sends a NODATA error message.

When negative caching is enabled, the appliance caches the negative response from the DNS server and serves future requests for it from the cache only. This speeds up responses to queries and reduces DNS traffic. Negative caching can be used in all deployments, that is, when a Citrix ADC appliance is serving as a proxy, as an end resolver, or as a forwarder.
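The following model illustrates the behavior described above. It is an added example, not Citrix ADC code: it follows RFC 2308 (NXDOMAIN cached per name, NODATA cached per name and record type, lifetime bounded by the SOA record), which is an assumption about any given appliance, and `NegativeCache`, `adns`, and the zone data are hypothetical.

```python
import time

NXDOMAIN, NODATA = "NXDOMAIN", "NODATA"

class NegativeCache:  # model of RFC 2308 behavior, not appliance code
    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream          # callable(name, qtype) -> response dict
        self.clock = clock                # injectable so expiry can be tested
        self.entries = {}                 # cache key -> (kind, expiry time)
        self.upstream_queries = 0         # queries that reached the ADNS server

    @staticmethod
    def classify(resp):
        if resp["rcode"] == "NXDOMAIN":
            return NXDOMAIN               # the name does not exist at all
        if resp["rcode"] == "NOERROR" and not resp["answer"]:
            return NODATA                 # name exists, no records of this type
        return None

    def resolve(self, name, qtype):
        name, now = name.lower().rstrip("."), self.clock()
        # NXDOMAIN is keyed by name alone (covers all types); NODATA by (name, type).
        for key in ((name, None), (name, qtype)):
            hit = self.entries.get(key)
            if hit and hit[1] > now:      # unexpired negative entry
                return hit[0], "cache"
        self.upstream_queries += 1
        resp = self.upstream(name, qtype)
        kind, soa = self.classify(resp), resp.get("soa")
        if kind and soa:                  # no SOA in the response: do not cache
            ttl = min(soa["ttl"], soa["minimum"])   # RFC 2308 section 5
            key = (name, None) if kind == NXDOMAIN else (name, qtype)
            self.entries[key] = (kind, now + ttl)
        return kind or "ANSWER", "upstream"

# Constructed zone data for the demonstration.
ZONE = {"www.example.com": {"A": ["192.0.2.10"]}}
SOA = {"ttl": 3600, "minimum": 300}

def adns(name, qtype):  # stand-in authoritative server (hypothetical)
    rrsets = ZONE.get(name)
    if rrsets is None:
        return {"rcode": "NXDOMAIN", "answer": [], "soa": SOA}
    answer = rrsets.get(qtype, [])
    return {"rcode": "NOERROR", "answer": answer, "soa": None if answer else SOA}

if __name__ == "__main__":
    cache = NegativeCache(adns)
    for q in [("nope.example.com", "MX"), ("www.example.com", "AAAA")] * 2:
        print(q, cache.resolve(*q))
```

The `upstream_queries` counter shows how many queries still reach the back-end server; in this model a cached NXDOMAIN answers every record type for that name until the SOA-derived lifetime expires.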

You can enable or disable negative caching by using a DNS profile. For more information, see DNS profiles. By default, negative caching is enabled in the default DNS profile (default-dns-profile), which is bound by default to a DNS virtual server, and in any newly created DNS profile.

Enable or disable negative caching by using the CLI

At the command prompt, type the following commands to enable or disable negative caching and verify the configuration:

-  add dns profile <dnsProfileName> [-cacheRecords ( ENABLED | DISABLED )] [-cacheNegativeResponses (ENABLED | DISABLED )]
-  show dns profile [<dnsProfileName>]

Example of a default DNS profile:

> sh dns profile default-dns-profile
    1)   default-dns-profile
        Query logging : DISABLED        Answer section logging : DISABLED
        Extended logging : DISABLED     Error logging : DISABLED
        Cache Records : ENABLED     Cache Negative Responses: ENABLED
Done

Example of a newly created DNS profile:

> add dns profile dns_profile1 -cacheRecords ENABLED -cacheNegativeResponses ENABLED
Done
> show dns profile dns_profile1
    1)   dns_profile1
        Query logging : DISABLED        Answer section logging : DISABLED
        Extended logging : DISABLED     Error logging : DISABLED
        Cache Records : ENABLED     Cache Negative Responses: ENABLED
Done

Specify service or virtual server level DNS parameters by using the CLI

At the command prompt, perform the following:

  1. Configure the DNS profile.

    add dns profile <dnsProfileName> [-cacheRecords ( ENABLED | DISABLED )] [-cacheNegativeResponses (ENABLED | DISABLED )]

  2. Bind the DNS profile to the service or virtual server.

    To bind the DNS profile to the service:

    set service <name> [-dnsProfileName <string>]

    Example:

    > set service service1 -dnsProfileName dns_profile1
    Done

    To bind the DNS profile to the virtual server:

    set lb vserver <name> [-dnsProfileName <string>]

    Example:

    > set lb vserver lbvserver1 -dnsProfileName dns_profile1
    Done

Specify service or virtual server level DNS parameters by using the GUI

  1. Configure the DNS profile.

    Navigate to System > Profiles > DNS Profile, and create the DNS profile.

  2. Bind the DNS profile to the service or virtual server.

    Navigate to Traffic Management > Load Balancing > Services/Virtual Servers, and create the DNS profile, which should be bound to the service/virtual server.