Interesting A10 GSLB interop problem

George Bonser gbonser at seven.com
Mon Oct 24 02:55:56 CEST 2011


And just to add, the desired behavior would be:

If an AAAA request is received and if there is no IPv6 address for a VIP resource, if the VIP is up, return NOERR with the A record.  If the VIP is down, return the as-replace cname record.

If an AAAA request is received and if there is an IPv6 address for a VIP resource, if the VIP is up, return the IPv6 address.  If the VIP is down, return the as-replace cname record.



> -----Original Message-----
> From: ipv6-ops-bounces+gbonser=seven.com at lists.cluenet.de [mailto:ipv6-
> ops-bounces+gbonser=seven.com at lists.cluenet.de] On Behalf Of George
> Bonser
> Sent: Sunday, October 23, 2011 5:49 PM
> To: ipv6-ops at lists.cluenet.de
> Subject: Interesting A10 GSLB interop problem
> 
> I ran across an interesting problem when using an A10 for GSLB with
> IPv4 only resources.
> 
> So assume the following configuration:
> 
> gslb zone example.com
> 	policy foo
> 	ttl 7200
> 	service http foo
> 		dns-cname-record fail.example.com as-replace
> 		dns-a-record foo-vip ttl 600
> 
> GSLB is operating in server mode, not proxy mode.
> 
> The purpose of this config is that if a user requests foo.example.com
> and it is down, it (and all other users using that DNS server) is
> diverted to fail.example.com for a period of two hours.  Foo-vip has
> only an IPv4 address.
> 
> Assume a client makes a request for an A record.  The local DNS server
> will request an A record and get back the record for foo.example.com
> and everything works as planned.
> 
> The problem comes in when a client device makes a request for an AAAA
> record.  As there is no ipv6 address for foo-vip, the client's local
> DNS server receives the fail.example.com CNAME which lives for two
> hours.
> 
> A subsequent client making an IPv4 request after the 600 second TTL of
> the A record receives the "fail.example.com" CNAME (or the local DNS
> server performs a recursive lookup on its behalf) and it gets the
> failover address and will continue getting it for as long as clients
> make AAAA requests to the GSLB.
> 
> There is apparently no way to configure the A10 GSLB to say "if there
> is no IPv6 record for a VIP but there is an IPv4 address, return NOERR
> with the A record"
> 
> 
> 
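
The cache interaction described in the message above, replayed as an added example that is not part of the original post and is not A10 code. The resolver model, the `observed`/`desired` policy names, the addresses and the AAAA TTL are assumptions; the TTLs 600 and 7200 and `fail.example.com` come from the quoted configuration.

```python
# Simplified model (assumption): a resolver answers from an unexpired exact
# (name, type) cache entry first, then from any unexpired CNAME for that name.
VIP_A, VIP_AAAA = "192.0.2.10", "2001:db8::10"  # constructed addresses
FAIL = "fail.example.com"                        # as-replace target (from the post)
A_TTL, ZONE_TTL = 600, 7200                      # TTLs from the quoted config

def gslb_answer(qtype, vip_up, vip_has_v6, policy):
    """Authoritative answer as (rtype, rdata, ttl)."""
    if not vip_up:
        return ("CNAME", FAIL, ZONE_TTL)         # VIP down: as-replace CNAME
    if qtype == "A":
        return ("A", VIP_A, A_TTL)
    if vip_has_v6:
        return ("AAAA", VIP_AAAA, A_TTL)         # AAAA TTL is an assumption
    if policy == "observed":
        return ("CNAME", FAIL, ZONE_TTL)         # behaviour reported in the post
    return ("A", VIP_A, A_TTL)                   # desired: NOERR with the A record

class CachingResolver:
    def __init__(self, policy, vip_up=True, vip_has_v6=False):
        self.args = (vip_up, vip_has_v6, policy)
        self.cache = {}                          # (name, rtype) -> (rdata, expiry)

    def query(self, name, qtype, now):
        for rtype in (qtype, "CNAME"):
            rdata, expiry = self.cache.get((name, rtype), (None, 0))
            if expiry > now:
                return (rtype, rdata)
        rtype, rdata, ttl = gslb_answer(qtype, *self.args)
        self.cache[(name, rtype)] = (rdata, now + ttl)
        return (rtype, rdata)

def replay(policy):
    """Replay the post's timeline: A, then AAAA, then A after the 600 s TTL."""
    r = CachingResolver(policy)
    timeline = [(0, "A"), (10, "AAAA"), (700, "A"), (7000, "A")]
    return [r.query("foo.example.com", q, t) for t, q in timeline]

if __name__ == "__main__":
    for policy in ("observed", "desired"):
        print(policy, replay(policy))
```

Under the `observed` policy a single AAAA query while the VIP is healthy leaves the failover CNAME in the cache, so the A lookups at 700 s and 7000 s are answered with `fail.example.com`; under `desired` every lookup returns the VIP's A record.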


