<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Perhaps that's why the website says, "<b><i>Note:</i></b> The AX is
not recommended as a full DNS server replacement "<br>
<br>
I suspect using a subdomain model or proxy model would overcome
these problems.<br>
<br>
On 10/23/2011 7:55 PM, George Bonser wrote:
<blockquote
cite="mid:596B74B410EE6B4CA8A30C3AF1A155EA09BB8357@RWC-MBX1.corp.seven.com"
type="cite">
<pre wrap="">And just to add, the desired behavior would be:
If an AAAA request is received and if there is no IPv6 address for a VIP resource, if the VIP is up, return NOERR with the A record. If the VIP is down, return the as-replace cname record.
If an AAAA request is received and if there is an IPv6 address for a VIP resource, if the VIP is up, return the IPv6 address. If the VIP is down, return the as-replace cname record.
</pre>
<blockquote type="cite">
<pre wrap="">-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:ipv6-ops-bounces+gbonser=seven.com@lists.cluenet.de">ipv6-ops-bounces+gbonser=seven.com@lists.cluenet.de</a> [<a class="moz-txt-link-freetext" href="mailto:ipv6">mailto:ipv6</a>-
<a class="moz-txt-link-abbreviated" href="mailto:ops-bounces+gbonser=seven.com@lists.cluenet.de">ops-bounces+gbonser=seven.com@lists.cluenet.de</a>] On Behalf Of George
Bonser
Sent: Sunday, October 23, 2011 5:49 PM
To: <a class="moz-txt-link-abbreviated" href="mailto:ipv6-ops@lists.cluenet.de">ipv6-ops@lists.cluenet.de</a>
Subject: Interesting A10 GSLB interop problem
I ran across an interesting problem when using an A10 for GSLB with
IPv4 only resources.
So assume the following configuration:
gslb zone example.com
policy foo
ttl 7200
service http foo
dns-cname-record fail.example.com as-replace
dns-a-record foo-vip ttl 600
GSLB is operating in server mode, not proxy mode.
The purpose if this config is that if a user requests foo.example.com
and it is down, it (and all other users using that DNS server) is
diverted to fail.example.com for a period of two hours. Foo-vip has
only an IPv4 address.
Assume a client makes a request for an A record. The local DNS server
will request an A record and get back the record for foo.example.com
and everything works as planned.
The problem comes in when a client device makes a request for an AAAA
record. As there is no ipv6 address for foo-vip, the client's local
DNS server receives the fail.example.com CNAME which lives for two
hours.
A subsequent client making an IPv4 request after the 600 second TTL of
the A record receives the "fail.example.com" CNAME (or the local DNS
server performs a recursive lookup on its behalf) and it gets the
failover address and will continue getting it for as long as clients
make AAAA requests to the GSLB.
There is apparently no way to configure the A10 GSLB to say "if there
is no IPv6 record for a VIP but there is an IPv4 address, return NOERR
with the A record"
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<br>
</body>
</html>