Interesting A10 GSLB interop problem
George Bonser
gbonser at seven.com
Mon Oct 24 02:48:48 CEST 2011
I ran across an interesting problem when using an A10 for GSLB with IPv4 only resources.
So assume the following configuration:
gslb zone example.com
  policy foo
  ttl 7200
  service http foo
    dns-cname-record fail.example.com as-replace
    dns-a-record foo-vip ttl 600
GSLB is operating in server mode, not proxy mode.
The purpose of this config is that if a user requests foo.example.com and it is down, it (and all other users using that DNS server) is diverted to fail.example.com for a period of two hours. Foo-vip has only an IPv4 address.
Assume a client makes a request for an A record. The local DNS server will request an A record and get back the record for foo.example.com and everything works as planned.
The problem comes in when a client device makes a request for an AAAA record. As there is no IPv6 address for foo-vip, the client's local DNS server receives the fail.example.com CNAME which lives for two hours.
A subsequent client making an IPv4 request after the 600 second TTL of the A record receives the "fail.example.com" CNAME (or the local DNS server performs a recursive lookup on its behalf) and it gets the failover address and will continue getting it for as long as clients make AAAA requests to the GSLB.
There is apparently no way to configure the A10 GSLB to say "if there is no IPv6 record for a VIP but there is an IPv4 address, return NOERR with the A record".
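The cache interaction described in this message can be reproduced with a small model. This is an added example, not part of the original post and not A10 or resolver code; the addresses, the `Resolver` class and the `nodata_for_missing_aaaa` switch are constructed for illustration, and the model assumes the resolver prefers an unexpired record of the requested type before falling back to a cached CNAME.

```python
# Constructed model of the behaviour in the post: one name (foo.example.com),
# one caching resolver, foo-vip healthy the whole time.
A_TTL, ZONE_TTL = 600, 7200      # TTLs from the posted config
VIP_V4 = "192.0.2.10"            # constructed address for foo-vip
FAIL_V4 = "192.0.2.99"           # constructed address for fail.example.com

def gslb_answer(qtype, nodata_for_missing_aaaa=False):
    """Authoritative answer for foo.example.com."""
    if qtype == "A":
        return ("A", VIP_V4, A_TTL)
    if nodata_for_missing_aaaa:              # hypothetical option the post asks for
        return ("NODATA", None, A_TTL)       # NOERROR with an empty answer section
    return ("CNAME", "fail.example.com", ZONE_TTL)   # behaviour reported in the post

class Resolver:
    """Minimal cache: a cached CNAME for the name answers any query type."""
    def __init__(self, nodata=False):
        self.cache = {}                      # record type -> (value, expires_at)
        self.nodata = nodata

    def _get(self, rtype, now):
        entry = self.cache.get(rtype)
        return entry[0] if entry and entry[1] > now else None

    def resolve(self, qtype, now):
        hit = self._get(qtype, now)
        if hit:
            return hit
        if self._get("CNAME", now) is None:
            rtype, value, ttl = gslb_answer(qtype, self.nodata)
            if rtype == "NODATA":
                return None
            self.cache[rtype] = (value, now + ttl)
            if rtype != "CNAME":
                return value
        # Following the CNAME: fail.example.com is assumed to be IPv4-only too.
        return FAIL_V4 if qtype == "A" else None

def timeline(nodata=False):
    """A at t=0, AAAA at t=10, then A at t=300, 700 and 7300 seconds."""
    r = Resolver(nodata)
    return [r.resolve("A", 0), r.resolve("AAAA", 10),
            r.resolve("A", 300), r.resolve("A", 700), r.resolve("A", 7300)]

if __name__ == "__main__":
    print("as reported:    ", timeline())
    print("NODATA for AAAA:", timeline(nodata=True))
```

In the first timeline the A query at t=700 is answered from the cached CNAME and lands on the failover address even though foo-vip never went down; it recovers at t=7300 only because no further AAAA query refreshed the CNAME in between.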