
You can configure DNS Traffic Control servers, pools, and LBDNs on the NIOS appliance. You can define multiple servers, pools, or LBDNs.

Configuring DNS Traffic Control Servers

DNS Traffic Control servers are objects that are associated with synthesized A, AAAA, SRV or CNAME records. DNS Traffic Control servers can be in multiple pools and can be the destination for multiple topology rulesets. You can disable a server while in use, but note that this affects the pools that are associated with the server. You cannot disable a server if it is the last active server for any pool with which it is associated. To disable such a server, first remove it from the associated pools and topology rulesets.

You can add a DTC server on the Traffic Control tab. Alternatively, you can do this on the DNS -> Zones tab or Members/Servers tab by selecting an existing A, AAAA, or host record in the table and clicking Create DTC Server in the Toolbar or in the record's action menu.
You can also add a DTC server on the Data Management -> IPAM tab based on a selected existing A or host record. You can do so on both IP Map and List subtabs.

If you use multi-tier architecture and want to monitor the availability of separate components of the DTC server, you can add a health monitor for an individual IP address or domain name of the server. You can do it after you have initially configured the server. 
To configure a DTC server, complete the following:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab.
  2. In the Toolbar, click the arrow next to the Add icon and select Server.
  3. In the DTC Server Wizard, under Select an existing DNS record or enter the Name and Host fields, do one of the following:
    • Optionally, click Select and choose an existing DNS record which will pre-populate the server information:
      1. Select a zone using the filter and click Apply.
      2. Select the record type, Host, A, or AAAA, by which to filter the records list.
      3. Click the required record name to select it.
    • Specify the DTC server name and host:
      • Name: Enter the name of the DTC server.
      • Host: Specify the server host by selecting and specifying one of the following:
        • IP Address: The DTC response from the server will contain an auto-created A (IPv4) or AAAA (IPv6) record with this IP address.
        • Domain Name: The DTC response from the server will contain an auto-created CNAME record that uses this domain name.
          This step only applies if you create a DTC server from the Traffic Control tab. If you create a DTC server on the DNS -> Zones tab, DNS -> Members/Servers tab, or Data Management -> IPAM tab, the record is already selected so this step is not available in the DTC Server Wizard.

  4. Auto-create DTC records: If this is enabled and the Host field contains an IP address, an A (IPv4) or AAAA (IPv6) record will be created. If the Host field contains a domain name, a CNAME record will be created. If you do not enable auto-created DTC records, you must create those records manually. For more information, see the following section, Managing DTC Server Records.
    A record type that corresponds to the Host field must exist in order for the DTC Server to return a response.
  5. Comment: Enter additional information about the server.
  6. Disabled: Select this to disable the server.
  7. Click Next to define extensible attributes. For information, see /wiki/spaces/nios84draft/pages/26151814.
  8. To schedule the change, click Next or Schedule for Later. In the Schedule Change panel, select Now to immediately execute this task. Or select Later to schedule this task, and then specify a date, time, and time zone.
  9. Save the configuration.

Managing DTC Server Records

You can create A, AAAA, CNAME, SRV, and NAPTR records in a DTC server similar to the NAPTR record in a DNS zone.
A NAPTR (Name Authority Pointer) record specifies a rule that uses a substitution expression to rewrite a string into a domain name or URI (Uniform Resource Identifier). A URI is either a URL (Uniform Resource Locator) or URN (Uniform Resource Name) that identifies a resource on the Internet. For information about NAPTR records, see .
You can assign multiple A, AAAA, and NAPTR records simultaneously to a DTC server or only one CNAME record. An enabled CNAME record cannot coexist with an enabled A, AAAA, or NAPTR record. A disabled CNAME record cannot coexist with an enabled CNAME record.
This section describes how to add, modify, and delete records in a DTC server. It includes the following sections:

  • Adding DTC Records
  • Viewing DTC Records
  • Modifying DTC Records
  • Deleting DTC Records

Adding DTC Records

To add a DTC record:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab.
  2. Click the server name to which you want to add the records. Details of the records added to the server are displayed.
  3. Click the arrow next to the Add icon and select the type of record you want to add (A Record, AAAA Record, CNAME Record, SRV Record, NAPTR Record, or Unknown Record).
  4. Enter the following information in the Add <Record_Type> Record wizard:
    • For an A record:
      • IP address: Enter an IPv4 address for the A record on the DTC server.
      • Comment: Optionally, enter additional information about the A record.
      • Disable: Select this checkbox to disable the record. Clear the checkbox to enable it.
    • For an AAAA record:
      • IP address: Enter an IPv6 address for the AAAA record on the DTC server.
      • Comment: Optionally, enter additional information about the AAAA record.
      • Disable: Select this checkbox to disable the record. Clear the checkbox to enable it.
    • For a CNAME record:
      • Canonical name: Enter the complete canonical (or official) name of the host.
      • Comment: Optionally, enter additional information about the CNAME record.
      • Disable: Select this checkbox to disable the record. Clear the checkbox to enable it.
    • For a NAPTR record:
      • Service: Specifies the service and protocol used to reach the domain name that results from applying the regular expression or replacement. You can enter a service or select a service from the list.
      • Flags: The flag indicates whether the resulting domain name is the endpoint URI or if it points to another record. Select one of the following:
        • U: Indicates that the output maps to a URI.
        • S: Indicates that the resulting domain name has at least one SRV record.
        • A: Indicates that the resulting domain name has at least one A or AAAA record.
        • P: Indicates that this record contains information specific to another application.
          Leave this blank to indicate that the DNS client must use the resulting domain name to look up other NAPTR records. You can use the NAPTR records as a series of rules that are used to construct a URI or domain name.
      • Order: Select an Integer from 10 to 100, or enter a value from 0 to 65535. This value indicates the order in which the NAPTR records must be processed. The record with the lowest value is processed first.
      • Preference: Select an Integer from 10 to 100, or enter a value from 0 to 65535. Similar to the Preference field in MX records, this value indicates which NAPTR record should be processed first when the records have the same Order value. The record with the lowest value is processed first.
      • REGEX: The regular expression that is used to rewrite the original string from the client into a domain name. RFC 2915 specifies the syntax of the regular expression. Note that the appliance validates the regular expression syntax between the first and second delimiter against the Python re module, which is not 100% compatible with POSIX Extended Regular Expression as specified in the RFC. For information about the Python re module, refer to http://docs.python.org/release/2.5.1/lib/module-re.html.
      • Replacement: This specifies the domain name for the next lookup. The default is a dot (.), which indicates that the regular expression in the REGEX field provides the replacement value. Alternatively, you can enter the replacement value in FQDN format.
      • Comment: Optionally, enter a descriptive comment for this record.
      • Disable: Clear the checkbox to enable the record. Select the checkbox to disable it.
    • For an SRV Record:
      • Display input as: Select the format in which you want the SRV record to be displayed. When you select RFC 2782 format, the appliance follows the service._protocol.name format as defined in RFC 2782. When you select Free format, enter the entire name in the Domain field.
      • Service: Specify the service that the host provides. You can either select a service from the list or type in a service, if it is not on the list. For example, if you are creating a record for a host that provides FTP service, select _ftp. To distinguish the service name labels from the domain name, the service name is prefixed with an underscore. If the name of the service is defined at http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml, use that name. Otherwise, you can use a locally-defined name.
      • Protocol: Specify the protocol that the host uses. You can either select a protocol from the list or type in a protocol, if it is not on the list. For example, if it uses TCP, select _tcp. To distinguish the protocol name labels from the domain name, the protocol name is prefixed with an underscore.
      • Domain: Specify the name determined by LBDN.
      • Preview: After you have entered all the information, this field displays the FQDN, which is the concatenation of the Service, Protocol, and Domain fields.
      • Priority: Select or enter an integer from 0 to 65535. The priority determines the order in which a client attempts to contact the target host; the domain name host with the lowest number has the highest priority and is queried first. Target hosts with the same priority are attempted in the order defined in the Weight field.
      • Weight: Select or enter an integer from 0 to 65535. The weight allows you to distribute the load between target hosts. The higher the number, the more that host handles the load (compared to other target hosts). Larger weights give a target host a proportionately higher probability of being selected.
      • Port: Specify the appropriate port number for the service running on the target host. You can use standard or nonstandard port numbers, depending on the requirements of your network. You can select a port number from the list or enter an integer from 0 to 65535.
      • Target: Enter the canonical domain name of the host (not an alias); for example, www2.corpxyz.com
        In addition, you need to define an A record mapping the canonical name of the host to its IP address.
      • Comment: Enter a descriptive comment for the record.
      • Disable: Clear the checkbox to enable the record. Select the checkbox to disable it.
    • For an Unknown record:
      • Domain name: Enter the complete canonical (or official) name of the host.
      • Comment: Optionally, enter additional information about the CNAME record.
      • Disable: Select this checkbox to disable the record. Clear the checkbox to enable it.
  5. To schedule the change, click Next or Schedule for Later. In the Schedule Change panel, select Now to immediately execute this task. Or select Later to schedule this task, and then specify a date, time, and time zone.
  6. Save the configuration and click Restart if it appears at the top of the screen.
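
The REGEX field check described in step 4 can be approximated offline before a NAPTR record is entered. The following is an added example, not Infoblox code: it splits a REGEX value on its delimiter, compiles the expression with the current Python re module (an assumption; the appliance's own validator may differ), and flags constructs that Python accepts but POSIX ERE does not define. Function names and sample values are constructed.

```python
import re
import warnings

POSIX_CLASS = re.compile(r"\[:[a-z]+:\]")  # e.g. [:alpha:], [:digit:]
PY_ESCAPES = set("dDwWsSbBAZ")             # \d, \w, ... exist in Python re, not in POSIX ERE


def split_naptr_regexp(field):
    """Split 'delim ERE delim SUBSTITUTION delim FLAGS' on unescaped delimiters."""
    if not field:
        raise ValueError("empty REGEX field")
    delim = field[0]
    if delim.isdigit() or delim in "i\\":
        raise ValueError("invalid delimiter %r" % delim)
    parts, cur, i = [], [], 1
    while i < len(field):
        ch = field[i]
        if ch == "\\" and i + 1 < len(field):
            cur.append(field[i:i + 2])     # keep an escaped pair intact
            i += 2
            continue
        if ch == delim:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    if len(parts) != 3:
        raise ValueError("expected 3 delimiters, found %d" % len(parts))
    return parts[0], parts[1], parts[2]


def check_naptr_regexp(field):
    """Return a list of (severity, message) findings for a REGEX field value."""
    try:
        ere, subst, flags = split_naptr_regexp(field)
    except ValueError as exc:
        return [("error", str(exc))]
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")  # hide the "possible nested set" warning
            compiled = re.compile(ere)
    except re.error as exc:
        return [("error", "Python re rejects the expression: %s" % exc)]

    findings = []
    if POSIX_CLASS.search(ere):
        findings.append(("warn", "POSIX bracket class compiles under Python re "
                                 "but is read as a plain character set"))
    if PY_ESCAPES & set(re.findall(r"\\(.)", ere)):
        findings.append(("warn", "Python escape class (\\d, \\w, ...) is not POSIX ERE"))
    bare = re.sub(r"\\.", "", ere)           # ignore escaped characters below
    if "(?" in bare:
        findings.append(("warn", "Python group extension '(?...)' is not POSIX ERE"))
    if re.search(r"[*+?}]\?", bare):
        findings.append(("warn", "non-greedy quantifier is not POSIX ERE"))
    for ref in re.findall(r"\\([1-9])", subst):
        if int(ref) > compiled.groups:
            findings.append(("error", "backreference \\%s has no matching group" % ref))
    if flags not in ("", "i"):
        findings.append(("error", "unknown flags %r" % flags))
    return findings


# Constructed sample REGEX values, not taken from any real zone.
SAMPLES = [
    "!^.*$!sip:info@example.com!i",
    r"!^([[:alpha:]]+)$!\1.example.com!",
    r"!^(\d+)$!tel:+\1!",
    r"!^(.*$!x!",
    r"!^(.*)$!\2!",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_naptr_regexp(sample) or "ok")
```

A value that produces only warnings would pass a Python-based syntax check yet may be rewritten differently by a client that implements POSIX ERE, so such values are worth rewriting in portable ERE before saving the record.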

Viewing DTC Records

To view the records associated with a DTC server, go to the Data Management tab, select the DNS tab -> Traffic Control tab -> DTC server. The Grid Manager displays the following for each DTC record:

  • Name: The name of the record.
  • Type: The type of record.
  • Data: The data that the record contains. For a NAPTR record, this field displays the following data: Order, Preference, Flags, Services, REGEX, and Replacement.
  • Comment: Comment that was entered for the record.
  • TTL: The TTL (time-to-live) value of the record.
  • Disabled: Indicates if the record is disabled.

You can do the following:

  • Click the Add icon to add a DTC record.
  • Select a record and click the Edit icon to edit the configuration. You can also click the Action icon next to the record and select Edit from the menu.
  • Select a record and click the Delete icon to delete it. You can also click the Action icon next to the record and select Delete from the menu.
  • Create a quick filter to save frequently used filter criteria. For information, see Finding and Restoring Data.
  • Click the Export icon to export the list of DTC records to a .csv file.
  • Click the Print icon to print the list of DTC records.

Modifying DTC Records

To modify a DTC record:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab -> DTC server.
  2. Select the DTC record you want to modify, and click the Edit icon.
  3. The DTC Record editor contains the following tabs from which you can modify information:
    • General: You can modify most of the information, except for the read-only fields, such as the DNS view. For a description of the fields, see Adding DTC Records above.
    • TTL: You can modify the TTL setting. For information, see Specifying Time To Live Settings.

  4. Save the configuration and click Restart if it appears at the top of the screen.

Deleting DTC Records

To delete a DTC record:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab -> DTC server.
  2. Select the DTC record you want to delete, and click the Delete icon.
  3. When the confirmation dialog box displays, select Yes.

Grid Manager moves the DTC record to the Recycle Bin, from which you can restore or permanently delete the record. For information, see Finding and Restoring Data.

Modifying DNS Traffic Control Servers

To modify a DNS Traffic Control server:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, click the Action icon next to the DTC server and select Edit from the menu.
  2. The DTC Server editor contains the following tabs from which you can modify data.
    • General: This tab displays the Name, Host, Auto-create DTC records, and Comment that you entered while configuring the server. You can enable or disable the server. For information about how to modify the server data, see Managing DNS Traffic Control Objects. Additionally, specify the Server Name Indication setting:
      • Use Alternate SNI Hostname: If the SNI name is different from what is configured in the address field, select this checkbox and enter the required hostname by which an HTTPS health monitor should connect to the server.
    • Health Monitors: Define health monitors for the DTC server:

      1. Click the Add icon. A new row appears in the table.

      2. In Health Monitor, select the monitor type: icmp, http, https, sip, pdp, or snmp.

      3. In Domain Name or IP Address, type either the FQDN or the IP address to monitor.

      4. If required, add more health monitors for the server as described above. You can add up to ten health monitors per server.
        In Health Monitors from Pools, you can see other health monitors assigned to the pools that the server belongs to. The availability requirement for the pools must be set to either “All” or “Any” for you to be able to add server-specific health monitors. For information, see the following section, Configuring DNS Traffic Control Pools.

      5. Save the configuration.

    • Extensible Attributes: Add and delete extensible attributes that are associated with the server. You can also modify the values of extensible attributes. For information, see Managing Extensible Attributes.
  3. To schedule this task, click the Schedule icon at the top of the wizard. In the Schedule Change panel, select Later and enter a date, time, and time zone. The Schedule icon is green when there is a pending scheduled task. For information, see Scheduling Tasks.
  4. Save the configuration.

Configuring DNS Traffic Control Pools

A pool contains load balanced servers. You can define multiple servers for a pool. Each LBDN must have at least one pool associated with it to be operational. For sites with a large amount of incoming traffic, you can configure DNS Traffic Control to distribute client requests to multiple servers using a load balancing pool. An individual server can belong to one or multiple load balancing pools, depending on how you want to manage your network traffic. You can also set the order of servers in the pool and define a ratio on a server basis.

A pool can contain preferred and alternative load balancing methods. You can define permissions on these pools and associate extensible attributes with them. Each pool can contain one or more health monitors associated with it. You can define TTLs at the LBDN level. These TTLs are valid for dynamic RRsets that are created by the querying process for each query.

To configure a pool:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, and then click the arrow next to the Add icon and select Pool.
  2. In the DTC Pool Wizard, complete the following:
    • Name: Enter the name of the pool.
    • Comment: Enter additional information about the pool.
    • Disabled: Select this to disable the pool.
  3. Click Next to associate health monitors with the pool:
    • Health Monitors: Select the health monitor from the Available table, which you want to associate with the pool, and click the right arrow to move the selected health monitor to the Active table. You can use SHIFT+click and CTRL+click to select multiple health monitors. To dissociate the health monitor from the pool, select it and click the left arrow to move it to the Available pane from the Active pane.
    • Availability Requirements: Select from the following:
      • All: All active monitors must report the available status for the pool to be determined as available.
      • Any: Any number of active monitors must report the available status for the pool to be determined as available.
      • At least: The minimum number of active monitors that must report the available status for the pool to be determined as available.
  4. Click Next and select the preferred load balancing method:
  5. If you select Ratio: Dynamic as preferred method, also select a dynamic ratio method from the following:
    • Round Trip Delay: Select this to enable load balancing based on the proximity of DTC servers determined through round trip delay. Specify the following:
      • Monitor: Select a pre-configured health monitor to use for monitoring the round trip delay.
    • SNMP: Select this to enable load balancing based on a server metric captured by an SNMP health monitor. Specify the following:
      • Monitor: Select a health monitor for which to track a server metric.
      • OID: Specify an object identifier that indicates the metric to track.
      • Weighing: Select to weigh DTC servers by priority or ratio.
      • Inverse OID value: Select this to use the inverse of the monitored metric's value, which can make it more convenient to determine server availability.
  6. If you select Topology as preferred method, also select a Topology Ruleset. Only topology rulesets with the Server destination type are displayed in the drop-down list.
    NOTE: If you select Topology as the preferred method, you can also specify the alternate method which is used to select a server from the pool if the preferred one does not return any result. The preferred and alternate methods must be different.
  7. If applicable, select the alternate load balancing method.
    • All Available
    • Ratio: Dynamic
    • Global Availability
    • None
    • Ratio: Fixed
    • Round Robin
    • Topology
      For details on each alternate method, see the description of the preferred method above.
  8. Click Next to associate servers with the pool. Click the Add icon, select a server from the DTC Server Selector dialog box and click OK. You can use SHIFT+click and CTRL+click to associate multiple servers. The appliance displays the following information:
    • Server Name: The name of the DNS Traffic Control server.
    • Host: The host address of the server.
    • Ratio: You can modify the ratio value. The value must be greater than zero.
    • Disabled: Indicates whether the server is disabled.
    • Order: Displays the order of servers in the list.
      To dissociate a server from the pool, select the checkbox next to the server name and click the Delete icon.
  9. Click Next to define extensible attributes. For information, see Managing Extensible Attributes.
  10. To schedule the change, click Next or Schedule for Later. In the Schedule Change panel, select Now to immediately execute this task. Or select Later to schedule this task, and then specify a date, time, and time zone.
  11. Save the configuration.

Modifying DNS Traffic Control Pools

To modify a pool:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, click the Action icon next to the pool name and select Edit from the menu.
  2. The DTC Pool editor contains the following basic tabs from which you can modify data. 
    • General: This tab displays the pool Name and Comment. You can edit the values and enable or disable the pool.
    • TTL: This tab displays the TTL value configured for the pool. The default value is inherited from the LBDNs which are using the pool. There can be multiple inheritance. Click Override to override the value.
    • Health Monitors: This tab displays health monitors that are associated with the pool. You can associate new health monitors or dissociate the health monitors that are already associated with the pool.
    • Load Balancing: This tab displays the load balancing methods that you have selected while configuring the pool. You can select new preferred and alternate load balancing methods.
    • Pool Members: This tab displays the servers that are associated with the pool. You can add new servers or delete servers that are associated with the pool. You can also modify the server ratio and order.
    • Extensible Attributes: Add and delete extensible attributes that are associated with the pool. You can also modify the values of extensible attributes. For information, see Managing Extensible Attributes.
  3. To schedule this task, click the Schedule icon at the top of the wizard. In the Schedule Change panel, select Later and enter a date, time, and time zone. The Schedule icon is green when there is a pending scheduled task. For information, see Scheduling Tasks.
  4. Save the configuration.

Configuring DNS Traffic Control LBDNs

A DTC LBDN is a load balanced domain name object that is used by DNS Traffic Control to process DNS queries for load balanced resources. You can define multiple LBDNs on the NIOS appliance and associate extensible attributes to them. You can configure permissions for DTC LBDNs. For more information, see License Requirements and Admin Permissions.
You can configure a load balancing method for each LBDN. You can assign multiple pools and a single load balancing method to an LBDN. You can associate or dissociate LBDNs with a zone. Note that zone transfers and incremental zone transfers ignore LBDNs. When you configure or modify DTC LBDNs, a service restart is required in order for the new configuration to take effect.
On the appliance, the DNS Traffic Control querying process generates A, AAAA, NAPTR, SRV or CNAME records for an LBDN, called LBDN records. LBDN records are served by DNS Traffic Control servers. An LBDN record must be associated with an authoritative zone. 
To configure an LBDN, complete the following:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, click the arrow next to the Add icon, and select LBDN.
    or
    From the Data Management tab -> DNS tab -> Zones tab -> authoritative_zone -> Records tab, click the Add icon, and select Record -> DTC LBDN.
  2. In the DTC LBDN wizard, complete the following:
    • Display Name: Enter a display name for the LBDN.
    • Patterns: Click the Add icon to add an LBDN pattern. 
      To delete an LBDN pattern, select the checkbox next to the pattern and click the Delete icon.
    • Load Balancing Method: From the drop-down list, select the method you want to use for load balancing. You can select one of the following: Global Availability, Ratio:Fixed, Round Robin, and Topology. The default is Round Robin. For more information about the load balancing methods, see Load Balancing Methods for DNS Traffic Control.
      • Topology Ruleset: This is displayed only when you select the Topology load balancing method. In the drop-down list, only the topology rulesets with the Pool destination type are displayed. Select a topology ruleset for the Topology load balancing method. For more information, see Configuring Topology Rules and Rulesets.
      • Persistence: Select this checkbox and enter a value greater than zero seconds to enable persistence for the LBDN. You can specify a period from one second to 2 hours. Even if the DNS restart takes longer than the value specified in the Persistence field, the DNS server directs the request to the same server. If you specify zero, the appliance does not cache the requests. When you enable persistence for an LBDN, the appliance stores the results for specific LBDN responses in the DNS Traffic Control cache. When a request originates from the respective FQDN or an IP address within the specified period, the DNS server directs the request to the same server.
        When persistence is enabled, cached results are not guaranteed to persist for the configured duration. The maximum size of the persistence cache is limited globally by the platform. When the cache exceeds the maximum size, the oldest results are deleted. The appliance might discard persistence results if the relevant configuration changes. HA DTC cache replication works on both active and passive nodes and during an HA failover, the DTC cache is replicated from the active node to the passive node.
        If you send a DNS query with a DNSSEC option, an LBDN sends a response with a signature. When you enable persistence for different LBDN patterns in the DNS query, you will receive the same DNS response and signature.
        DTC cache replication in HA mode is supported only for IPv4 communications.
      • Priority: Select a priority value, 1 (High), 2 (Normal), or 3 (Low). The priority value is used when there are LBDNs that have patterns matching the same FQDN and that are assigned to the same zone. In this case, the matching LBDN with the highest priority is used. For example, an LBDN with "*.foo.com" and an LBDN with "www.*.com" patterns can be linked to the same zone "foo.com" if the LBDN with the "*.foo.com" pattern has priority 1 and the LBDN with the "www.*.com" pattern has priority 2 or 3. If there are no matches, the default LBDN is used.
      • Comment: Enter additional information about the LBDN object.
      • Disabled: Select this to disable the LBDN.
  3. Click Next and complete the following:
    • Return these record types for the associated zones: Select any or all of the following LBDN record types: A, AAAA, NAPTR, SRV and CNAME. You must select at least one record type for the LBDN, otherwise the LBDN is disabled. The patterns and the record types can overlap with another LBDN that is linked to the same zone only if their priorities differ.
      If you select the A or AAAA record type, the LBDN returns the corresponding record and/or a CNAME record when the client queries for any record type and if the server selected by DTC has the required data.
      However, if the client queries for CNAME explicitly, ensure that you select the CNAME record type checkbox for the CNAME records to be returned.
      If you select the CNAME or NAPTR record type, the LBDN returns the CNAME or NAPTR record respectively when the client queries for those records and if the server selected by DTC has the required data. As the CNAME response must be unique, the CNAME record type is unavailable for an LBDN if any pool in that LBDN uses the All Available load balancing method. 
      Unlike other DTC record types, SRV record type has a name. If the QNAME matches the pattern in LBDN and the QTYPE is enabled, a server is selected and all the records of the QTYPE configured for the server are returned. DTC SRV name is not used in name matching during DNS resolution in BIND. 
      To receive distinct responses, use separate LBDNs as well as separate servers for every service/protocol/domain combination.

    • Associated Zones: Click the Add icon to associate zones with the LBDN. Select a zone from the Zone Selector dialog box and click OK. The appliance displays the following information:

      • Zones: The name of the selected zone.
      • DNS View: The DNS view associated with the selected zone (if there is more than one DNS view).
      The LBDN is active only when you associate zones with it. You can associate only authoritative forward-mapping zones with the LBDN. The LBDN must contain at least one matching pattern for the zone. For example, an LBDN with patterns "www.*.com" and "www.*.net" may be linked to a zone "foo.com". 
    • You can also associate LBDNs with DNSSEC signed zones.
  4. Click Next and click the Add icon to associate pools with the LBDN. Select a pool from the DTC Pool Selector dialog box and click OK. The appliance displays the following information:
    • Name: The name of the selected pool.
    • Ratio: The ratio of the associated server. You can edit this value.
    • Comment: Displays information that you specified for the pool.
    • Members: Displays the member associated with the pool.
    • Order: Displays the order of the pools.
      To dissociate a pool associated with an LBDN, select the checkbox next to the respective pool name and click the Delete icon.
  5. Click Next to define extensible attributes. 
  6. To schedule the change, click Next or Schedule for Later. In the Schedule Change panel, select Now to immediately execute this task. Or select Later to schedule this task, and then specify a date, time, and time zone.
  7. Save the configuration and click Restart if it appears at the top of the screen.

Configuring LBDN Patterns

An LBDN pattern is a domain name. You can define a pattern with multiple * and ? in any position of the domain name. Note the following about * and ?:

  • A sequence of *s has the same effect as a single *.
  • A sequence of ?s will match exactly as many octets as there are ?s.
  • A * terminates on label boundaries and will not match a label separator. For example, *.com matches foo.com but not www.foo.com.
  • A ? does not match a label separator.
  • An empty LBDN pattern will match the root and it is automatically changed to "." when you save the LBDN.
  • An LBDN pattern matches an FQDN if the entire FQDN matches.
  • LBDN patterns may contain special characters. For example, a\032 b.com contains two adjacent spaces.
  • LBDN patterns do not support IDN and they will not convert Unicode to punycode. You can enter punycode, but note that the LBDN pattern matching does not support punycode.

Note

There are many cases where the use of wildcards within LBDN patterns is advisable; however, Infoblox recommends using wildcards with caution in the left-most position because it may lead to unexpected behavior or responses. When in doubt, the most predictable behavior comes from using the target domain name as the pattern when configuring the LBDN.

Managing LBDN Records

In order to manage an LBDN in an authoritative zone, you must enable the authoritative zone and associate it with the LBDN. If an LBDN pattern matches a zone name, the records of type "DTC LBDN Record" are created in that zone as proxies for the LBDN.
To view DTC LBDN records:

  • Select the Data Management tab -> DNS tab -> Zones tab -> authoritative_zone -> Records tab.

The record name is the zone-relative portion of the pattern, including wildcards. For example, when you link an LBDN with patterns "www.*.com", "www.a*z.*.com", "*.com", "bar.*.net" to zone "foo.com", the appliance creates three LBDN records with names "" (zone origin), "www", and "www.a*z" in the zone. These records will refer to their respective LBDN.
You cannot modify LBDN records. The appliance creates or deletes LBDN records based on the matched LBDN patterns. When you delete an LBDN, the appliance automatically deletes linked zones associated with it and deletes all LBDN records. You can edit the pattern that is associated with the respective LBDN record. 
Note that an LBDN record is a separate object from the LBDN, and each has separate permissions. For more information, see /wiki/spaces/nios84draft/pages/26151257.
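
The following added example models the pattern rules listed under Configuring LBDN Patterns and the zone-relative record naming described above. It is not Infoblox code. The function names are hypothetical, names are compared case-insensitively as an assumption, and escaped characters such as \032 are not handled.

```python
import re

def _labels(name):
    """Split a name into labels; "" and "." both denote the root (no labels)."""
    name = name.rstrip(".").lower()   # assumption: names compare case-insensitively
    return name.split(".") if name else []

def _label_regex(label):
    """One pattern label as a regex: '*' = any run of non-dot octets, '?' = exactly one."""
    parts = []
    for ch in re.sub(r"\*+", "*", label):   # a sequence of *s acts as a single *
        parts.append("[^.]*" if ch == "*" else "[^.]" if ch == "?" else re.escape(ch))
    return "".join(parts)

def _labels_match(pattern_labels, name_labels):
    """Label-by-label comparison; a differing label count can never match."""
    return len(pattern_labels) == len(name_labels) and all(
        re.fullmatch(_label_regex(p), n) for p, n in zip(pattern_labels, name_labels))

def lbdn_matches(pattern, fqdn):
    """True only when the entire FQDN matches; wildcards never cross a label boundary."""
    return _labels_match(_labels(pattern), _labels(fqdn))

def lbdn_record_name(pattern, zone):
    """Zone-relative record name when the pattern's trailing labels match the zone, else None."""
    p, z = _labels(pattern), _labels(zone)
    if len(p) < len(z):
        return None
    split = len(p) - len(z)
    return ".".join(p[:split]) if _labels_match(p[split:], z) else None

def leftmost_wildcard(pattern):
    """Flag patterns whose left-most label contains a wildcard (the case the Note warns about)."""
    labels = _labels(pattern)
    return bool(labels) and any(c in labels[0] for c in "*?")

if __name__ == "__main__":
    patterns = ["www.*.com", "www.a*z.*.com", "*.com", "bar.*.net"]   # patterns from the page
    for pat in patterns:
        print(repr(pat), "record in foo.com:", repr(lbdn_record_name(pat, "foo.com")),
              "| left-most wildcard:", leftmost_wildcard(pat))
    print(lbdn_matches("*.com", "foo.com"), lbdn_matches("*.com", "www.foo.com"))
```

Running leftmost_wildcard over an exported pattern list is a quick way to find the LBDNs that the Note recommends reviewing.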

Note

The SRV record type uses a name. If the QNAME matches the pattern and the QTYPE is enabled, a server is selected and ALL records of the QTYPE configured for the server are returned. For distinct responses, use separate LBDNs as well as separate servers for every service/protocol/domain combination. The DTC SRV name is not used in name matching during DNS resolution in BIND.


Associating LBDNs with DNSSEC Signed Zones

If a zone is DNSSEC signed, you can still associate an LBDN, but some restrictions apply. You can set either Signed or Unsigned mode for the response from DNSSEC signed zones.
The following restrictions apply in the Signed mode:

  • You cannot assign an LBDN to a zone or unassign an LBDN from a zone while signing, i.e. key rollover, is in progress for that zone. For information about key rollovers, see Setting DNSSEC Parameters.
  • If an LBDN is assigned to a zone for which signing is in progress, then all changes to that LBDN and its dependent configuration (including pools, servers, and topologies) are prohibited until signing completes. The only thing you can do while signing is in progress is to assign an LBDN already assigned to a signed zone to another unsigned zone.
  • An LBDN assigned to a signed zone cannot use the All Available load balancing method or have a pattern with a wildcard in the zone. Also, you cannot sign an unsigned zone with such an LBDN assigned.

In the Unsigned mode, unsigned responses in signed zones are returned.
For more information about how to set the Signed or Unsigned mode, see Configuring DNS Traffic Control Properties.

Note

You cannot assign any signed zone during a staged Grid upgrade until all of the NIOS appliances have been moved to the new software version. This restriction applies in both Signed and Unsigned modes.


Modifying DNS Traffic Control LBDNs

To modify an LBDN:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, click the Action icon next to the LBDN name and select Edit from the menu.
  2. The DTC LBDN editor contains the following tabs from which you can modify data.
    • General: This tab displays the Display Name, Patterns, Load Balancing Method, Persistence, Priority, and Comment of the LBDN object. Here you can also disable the LBDN.
    • Associated Zones and Records: This tab displays the record types that can be returned for the associated zones, the TTL, and the Associated Zones. You can select any or all of the following record types: A, AAAA, SRV, and NAPTR. Note that the default TTL value is 8 hours and is inherited from the associated zones of the Infoblox Grid. You can override this value or associate new zones with the LBDN to inherit a new value.
    • Pools: This tab displays the pools that are associated with the LBDN. You can delete an existing pool or add new pools.
    • Extensible Attributes: Add and delete extensible attributes that are associated with the LBDN. You can also modify the values of extensible attributes. For information, see Managing Extensible Attributes.
  3. To schedule this task, click the Schedule icon at the top of the wizard. In the Schedule Change panel, select Later and enter a date, time, and time zone. The Schedule icon is green when there is a pending scheduled task. For information, see Scheduling Tasks.
  4. Save the configuration and click Restart if it appears at the top of the screen.

Testing DNS Traffic Control LBDNs

You can select an LBDN and test the DTC response for the respective LBDN. To test an LBDN, complete the following:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab.
  2. In the Traffic Control panel, select the LBDN object that you want to test and click Test LBDN in the Toolbar.
  3. In the Test DTC LBDN dialog box, complete the following:
    • Query Source: Enter the client IP address.
    • Query Name: Enter the FQDN of the record that you are requesting.
    • Member: Click Select to select the Grid member that will return the response. The dialog box displays the list of members that have a DTC license.
    • Record Type: Select a record type, A, AAAA, SRV, or NAPTR from the drop-down list.
  4. Click Start.

The appliance displays the response for the request in the text output area. To clear the response from the text area, click Clear.

Deleting DNS Traffic Control Objects

You can delete DNS Traffic Control objects, such as servers, pools, or LBDNs. When you delete an LBDN, the appliance automatically dissociates it from the zones. To delete an LBDN, you must have write permission on either the LBDN record or the LBDN. For more information, see License Requirements and Admin Permissions.
You cannot delete a DNS Traffic Control pool when it is in use. To delete a pool, you must first delete it from the associated LBDNs. You cannot delete a DNS Traffic Control server when it is in use. You must first remove it from every pool and topology ruleset before deleting the server.
To delete an object:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, click the Action icon next to the object name and select Delete from the menu, or select an object and click the Delete icon.
  2. In the Delete Confirmation dialog box, click Yes to delete or No to cancel.

The Delete Confirmation dialog box displays information about associated objects and warns if the object cannot be deleted due to the associations.
To schedule an object deletion, click the Action icon for the object and select Delete -> Schedule Delete. Alternatively, you can select the object in the Traffic Control panel and then select the Delete icon -> Schedule Delete. In the Schedule Deletion panel, enter a date, time, and time zone. For information, see Scheduling New IPAM/DHCP Objects and Associated Port Configurations.

Note

If you remove a name server associated with a zone that comprises LBDN records and if the name server is configured as part of a consolidated monitor list, ensure that you remove the name server from the consolidated health monitor list in the DTC pool. For more information about health monitors, see Using DNS Traffic Control Health Monitors and Configuring DTC Monitors for Health Check.

Viewing DNS Traffic Control Objects

Grid Manager lists all DNS Traffic Control objects in the Traffic Control tab. You can view the DNS Traffic Control objects, such as servers, LBDNs, and pools that you have configured in the Grid.
To view DNS Traffic Control objects, from the Data Management tab, select the DNS tab -> Traffic Control tab.
Based on the selected columns, Grid Manager displays the following information for each DNS Traffic Control object:

  • Name: The name of the object.
  • Type: The object type.
  • Status: Displays information about the last update, connection status, load balancer methods, and servers and pools. Hover your mouse over the status value to view full information in a tooltip. For more information about the possible statuses, see Visualization for DNS Traffic Control Objects.
  • IPv4 Address: The IPv4 address of the object, if applicable.
  • IPv6 Address: The IPv6 address of the object, if applicable.
  • Disabled: Yes or No. Indicates whether the DNS Traffic Control object is disabled.
  • Comment: Displays any comments that were entered for the object.
  • Last Status Update: Displays the timestamp of the last status update.
  • Load Balancing Method: Displays the load balancing methods defined for the object.
  • Topology Ruleset: Displays the topology ruleset defined for the object, if the object uses the Topology load balancing method.
  • Extensible attributes, if configured:
      • Site: Displays any values that were entered for the Site pre-defined attribute.
      • IB Discovery Owned: Displays any values that were entered for the IB Discovery Owned pre-defined extensible attribute.
      • Building: Displays any values that were entered for the Building pre-defined attribute.
      • Country: Displays any values that were entered for the Country pre-defined attribute.
      • Region: Displays any values that were entered for the Region pre-defined attribute.
      • State: Displays any values that were entered for the State pre-defined attribute.
      • VLAN: Displays any values that were entered for the VLAN pre-defined attribute.


Note

You can perform inline editing in the Name, Comment, and Site columns by double-clicking the required line in the table and providing the value in the corresponding column.


You can do the following in the Traffic Control tab:

  • Select the checkbox to view specific objects only:
    • LBDN: Select the checkbox to view LBDN objects only. 
    • Pool: Select the checkbox to view pools only. 
    • Server: Select the checkbox to view servers only.
  • Change the set of columns displayed in the DTC objects table and change their width. For more information, see About the Grid Manager Interface.
  • Click the Add icon to add an object.
  • Select an object and click the Edit icon to edit the configuration. You can also click the Action icon next to the object and select Edit from the menu. For more information, see Managing DNS Traffic Control Objects.
  • Select an object and click the Delete icon to delete it. You can also click the Action icon next to the object and select Delete from the menu. 
  • Click a DTC server name to open the list of the DTC records associated with the server. 
  • Use filters and the Go to function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Go to field and select the object from the possible matches.
  • Create a quick filter to save frequently used filter criteria. For information, see Finding and Restoring Data.
  • Click the Export icon to export the list of objects to a .csv file.
  • Click the Print icon to print the list of objects.
  • Add or delete extensible attributes for a DTC object by selecting the object in the table and clicking Extensible Attributes in the Toolbar. For information, see Managing Extensible Attributes.
  • Test a selected LBDN by clicking Test LBDN in the Toolbar. 
  • Enable/disable one or more selected traffic control objects. 
  • View a visualization of the traffic control structure for an object by selecting the object in the table. The visualization is displayed by default. To hide the visualization, click Hide Visualization in the Toolbar. For more information, see Visualization for DNS Traffic Control Objects.
  • Use the IDN Converter from the Toolbar to convert IDNs into punycode. For more information, see Managing Internationalized Domain Names.

Enabling or Disabling Traffic Control Objects

You can enable or disable multiple traffic control objects simultaneously. To enable or disable traffic control objects:

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab.
  2. In the Traffic Control panel, select the objects that you want to enable or disable, click the arrow beside the Enable/Disable icon and do one of the following:
    • To enable the selected objects, select Enable from the drop-down list and click Yes in the confirmation dialog box to enable.
    • To disable the selected objects, select Disable from the drop-down list and click Yes in the confirmation dialog box.