Interesting A10 GSLB interop problem

Jack Bates jbates at brightok.net
Mon Oct 24 04:13:22 CEST 2011


Perhaps that's why the website says, "Note: The AX is not 
recommended as a full DNS server replacement"

I suspect using a subdomain model or proxy model would overcome these 
problems.

On 10/23/2011 7:55 PM, George Bonser wrote:
> And just to add, the desired behavior would be:
>
> If an AAAA request is received and if there is no IPv6 address for a VIP resource, if the VIP is up, return NOERR with the A record.  If the VIP is down, return the as-replace cname record.
>
> If an AAAA request is received and if there is an IPv6 address for a VIP resource, if the VIP is up, return the IPv6 address.  If the VIP is down, return the as-replace cname record.
>
>
>
>> -----Original Message-----
>> From: ipv6-ops-bounces+gbonser=seven.com at lists.cluenet.de [mailto:ipv6-
>> ops-bounces+gbonser=seven.com at lists.cluenet.de] On Behalf Of George
>> Bonser
>> Sent: Sunday, October 23, 2011 5:49 PM
>> To: ipv6-ops at lists.cluenet.de
>> Subject: Interesting A10 GSLB interop problem
>>
>> I ran across an interesting problem when using an A10 for GSLB with
>> IPv4 only resources.
>>
>> So assume the following configuration:
>>
>> gslb zone example.com
>> 	policy foo
>> 	ttl 7200
>> 	service http foo
>> 		dns-cname-record fail.example.com as-replace
>> 		dns-a-record foo-vip ttl 600
>>
>> GSLB is operating in server mode, not proxy mode.
>>
>> The purpose of this config is that if a user requests foo.example.com
>> and it is down, it (and all other users using that DNS server) is
>> diverted to fail.example.com for a period of two hours.  Foo-vip has
>> only an IPv4 address.
>>
>> Assume a client makes a request for an A record.  The local DNS server
>> will request an A record and get back the record for foo.example.com
>> and everything works as planned.
>>
>> The problem comes in when a client device makes a request for an AAAA
>> record.  As there is no ipv6 address for foo-vip, the client's local
>> DNS server receives the fail.example.com CNAME which lives for two
>> hours.
>>
>> A subsequent client making an IPv4 request after the 600 second TTL of
>> the A record receives the "fail.example.com" CNAME (or the local DNS
>> server performs a recursive lookup on its behalf) and it gets the
>> failover address and will continue getting it for as long as clients
>> make AAAA requests to the GSLB.
>>
>> There is apparently no way to configure the A10 GSLB to say "if there
>> is no IPv6 record for a VIP but there is an IPv4 address, return NOERR
>> with the A record"
>>
>>
>>
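
The caching effect described in the quoted message, as an added example that is not part of the original thread: a toy caching resolver queried against a model of the GSLB, once with the observed AAAA behaviour and once with the requested one. Assumptions: the two addresses are constructed documentation addresses, fail.example.com has only an A record, the requested behaviour is modelled as an empty NOERROR answer for AAAA, and the resolver serves a cached answer of the exact type first and otherwise follows a cached CNAME.

```python
# Constructed model of the thread's scenario; addresses are sample values.
A_TTL, ZONE_TTL = 600, 7200      # from the quoted config: "ttl 600" and "ttl 7200"
VIP_V4, FAIL_V4 = "192.0.2.10", "198.51.100.10"   # assumed documentation addresses

def gslb_answer(qname, qtype, noerror_for_missing_aaaa):
    """Authoritative answer as (rtype, value, ttl), or None for an empty NOERROR."""
    if qname == "fail.example.com":          # assumed: failover name is IPv4 only
        return ("A", FAIL_V4, ZONE_TTL) if qtype == "A" else None
    if qtype == "A":                         # VIP is up and has an IPv4 address
        return ("A", VIP_V4, A_TTL)
    if noerror_for_missing_aaaa:             # behaviour requested in the thread
        return None
    return ("CNAME", "fail.example.com", ZONE_TTL)   # behaviour observed

class CachingResolver:
    def __init__(self, noerror_for_missing_aaaa):
        self.fixed = noerror_for_missing_aaaa
        self.cache = {}                      # (name, rtype) -> (value, expiry)

    def _cached(self, name, rtype, now):
        entry = self.cache.get((name, rtype))
        return entry[0] if entry and entry[1] > now else None

    def resolve(self, qname, qtype, now):
        """Return the address the client ends up with, or None."""
        value = self._cached(qname, qtype, now)
        if value:                            # unexpired answer of the exact type
            return value
        target = self._cached(qname, "CNAME", now)
        if target:                           # a cached CNAME applies to every qtype
            return self.resolve(target, qtype, now)
        answer = gslb_answer(qname, qtype, self.fixed)
        if answer is None:
            return None
        rtype, value, ttl = answer
        self.cache[(qname, rtype)] = (value, now + ttl)
        return self.resolve(value, qtype, now) if rtype == "CNAME" else value

def timeline(noerror_for_missing_aaaa):
    """A query at t=0, AAAA at t=10, A again at t=601 (after the 600 s TTL)."""
    r = CachingResolver(noerror_for_missing_aaaa)
    return [r.resolve("foo.example.com", "A", 0),
            r.resolve("foo.example.com", "AAAA", 10),
            r.resolve("foo.example.com", "A", 601)]
```

With the observed behaviour the third lookup lands on the failover address even though the VIP is up; with the requested behaviour it returns the VIP address again.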
