
Caching of EDNS0 Client Subnet Data when the NetScaler Appliance is in Proxy Mode

Apr 26, 2017

In NetScaler Proxy mode, if a back-end server that supports EDNS0 Client Subnet (ECS) sends a response containing the ECS option, the NetScaler appliance forwards the response as-is to the client and stores it in the cache, along with the client subnet information. Subsequent DNS requests for the same domain that come from the same subnet, and for which the server would send the same response, are then served from the cache instead of being directed to the server.

Note:

  • ECS caching is disabled by default. You have to enable caching of EDNS0 client-subnet data in the associated DNS profile.
  • The number of subnets that you can cache for a domain is limited to the available subnet IDs, that is, 1270 in the NetScaler appliance. Optionally, you can set the limit to a lower number (minimum value: 1 ipv4/ipv6).

To enable caching of ECS responses by using the command line

At the command prompt, type:

set dns profile <dnsProfileName> -cacheECSSubnet ( ENABLED | DISABLED )

To limit the number of subnets that can be cached per domain by using the command line

At the command prompt, type:

set dns profile <dnsProfileName> -maxSubnetsPerDomain <positive_integer>

 

Example

localized image

In the example shown in the above figure, the client at IP address 2.2.2.2 sends a query for www.example.com to the DNS resolver, and the DNS resolver sends the following response:

www.example.com IN A, IP is 2.2.2.11, and ECS 2.2.2.0/24/24

At this point, the response and the client-subnet identifier (2.2.2.0/24) are cached. Further requests from the same subnet and domain will be served from the cache.

For example, if the client’s IP address is 2.2.2.100 and the query is for www.example.com, the query is served from the cache instead of being sent to the back-end server.
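
The lookup behaviour described above can be modelled in a few lines of Python. This is an added example, not NetScaler code: the class and function names are hypothetical, the ECS string is read as address/source-prefix/scope-prefix, and refusing to cache a new subnet once the per-domain limit is reached is an assumption about how the limit is enforced.

```python
import ipaddress
from collections import defaultdict


class EcsCache:
    """Simplified model of a subnet-scoped DNS cache (not NetScaler code)."""

    def __init__(self, max_subnets_per_domain=1270):
        self.max_subnets = max_subnets_per_domain
        self.entries = defaultdict(dict)  # (qname, qtype) -> {network: answer}

    def store(self, qname, qtype, answer, ecs):
        """Cache an answer; ecs is 'address/source-prefix/scope-prefix'."""
        addr, _source_len, scope_len = ecs.split("/")
        # Assumption: the scope prefix decides which clients the answer covers.
        net = ipaddress.ip_network(f"{addr}/{scope_len}", strict=False)
        subnets = self.entries[(qname.lower(), qtype)]
        if net not in subnets and len(subnets) >= self.max_subnets:
            return False  # assumption: at the limit, the answer is not cached
        subnets[net] = answer
        return True

    def lookup(self, qname, qtype, client_ip):
        """Return the cached answer for client_ip, or None on a cache miss."""
        ip = ipaddress.ip_address(client_ip)
        subnets = self.entries.get((qname.lower(), qtype), {})
        matches = [n for n in subnets if n.version == ip.version and ip in n]
        if not matches:
            return None  # miss: the query would go to the back-end server
        return subnets[max(matches, key=lambda n: n.prefixlen)]


def demo():
    # Limit of 1 subnet per domain, the documented minimum value.
    cache = EcsCache(max_subnets_per_domain=1)
    cache.store("www.example.com", "A", "2.2.2.11", "2.2.2.0/24/24")
    return (
        cache.lookup("www.example.com", "A", "2.2.2.100"),  # same subnet
        cache.lookup("www.example.com", "A", "2.2.3.100"),  # constructed address
        cache.store("www.example.com", "A", "2.2.3.11", "2.2.3.0/24/24"),
    )


if __name__ == "__main__":
    print(demo())
```

The 2.2.3.x addresses are constructed for the example. With the limit set to 1, the second subnet is not stored, which shows how the per-domain limit bounds the amount of cache a single domain can occupy.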