Delegation of part of a zone to a global server load balancer

Mike Hoskins (michoski) michoski at cisco.com
Mon Apr 7 15:30:48 UTC 2014 

In the past when doing this with Cisco GSS I followed Akamai's example,
and had success with stuff like (gdns* were the CSS):

; delegation of gslb.domain.com
$TTL 172800     ; 2 days
gdns1.domain.com.     A       a.b.c.d
gdns2.domain.com.     A       e.f.g.h
gdns3.domain.com.     A       i.j.k.l
gdns4.domain.com.     A       m.n.o.p
gdns5.domain.com.     A       q.r.s.t
gdns6.domain.com.     A       u.v.w.x
gslb.domain.com.      NS      gdns1.domain.com.
gslb.domain.com.      NS      gdns2.domain.com.
gslb.domain.com.      NS      gdns3.domain.com.
gslb.domain.com.      NS      gdns4.domain.com.
gslb.domain.com.      NS      gdns5.domain.com.
gslb.domain.com.      NS      gdns6.domain.com.
$TTL 3600       ; 1 hour
$ORIGIN domain.com.
; Hey we look like Akamai!
gsstest                 CNAME   gsstest.domain.com.gslb.domain.com.


...

# dig @8.8.8.8 gsstest.domain.com
...
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3701
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
...
;; ANSWER SECTION:
gsstest.domain.com.   3599    IN      CNAME
gsstest.domain.com.gslb.domain.com.
gsstest.domain.com.gslb.domain.com. 19 IN A ip.ad.dr.es
...


-----Original Message-----
From: <McDonald>, Dan <Dan.McDonald at austinenergy.com>
Date: Monday, April 7, 2014 at 10:16 AM
To: Bind Users <bind-users at lists.isc.org>
Subject: Delegation of part of a zone to a global server load balancer

>What¹s the right way to delegate individual zone records to a ³global
>server load balancer², which is just a simple DNS server that checks to
>see if a server is up and if so adds the address to the rotation for
>resolution.
>
>
>I¹ve tried simple delegation using ns records, but I don¹t get
>resolution.  In this example, nsg3 and 4 are my global server load
>balancers for the outlook.aelabad.net zone,  and ns3.aelabad.net is the
>start of authority for  the aelabad.net zone.
>
>
>
>
>Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net +norecurse
>@ns3.aelabad.net
>
>
>; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net +norecurse @ns3.aelabad.net
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25051
>;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
>
>
>;; QUESTION SECTION:
>;outlook.aelabad.net.IN A
>
>
>;; AUTHORITY SECTION:
>outlook.aelabad.net.1200 INNS nsg4.austin-energy.net.
>outlook.aelabad.net.1200 INNS nsg3.austin-energy.net.
>
>
>;; ADDITIONAL SECTION:
>nsg3.austin-energy.net.918 INA 10.10.9.3
>
>
>;; Query time: 1 msec
>;; SERVER: 10.1.9.34#53(10.1.9.34)
>;; WHEN: Mon Apr  7 09:05:42 2014
>;; MSG SIZE  rcvd: 105
>Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net
>@nsg3.austin-energy.net
>
>
>; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net @nsg3.austin-energy.net
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8783
>;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
>
>;; QUESTION SECTION:
>;outlook.aelabad.net.IN A
>
>
>;; ANSWER SECTION:
>outlook.aelabad.net.10 INA 10.10.223.52
>
>
>;; Query time: 3 msec
>;; SERVER: 10.10.9.3#53(10.10.9.3)
>;; WHEN: Mon Apr  7 09:03:03 2014
>;; MSG SIZE  rcvd: 72
>Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net
>@ns3.aelabad.net
>
>
>; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net @ns3.aelabad.net
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14770
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
>
>;; QUESTION SECTION:
>;outlook.aelabad.net.IN A
>
>
>;; AUTHORITY SECTION:
>net.686 INSOA a.gtld-servers.net. nstld.verisign-grs.com. 1396879162 1800
>900 604800 86400
>
>
>;; Query time: 2 msec
>;; SERVER: 10.1.9.34#53(10.1.9.34)
>;; WHEN: Mon Apr  7 09:03:17 2014
>;; MSG SIZE  rcvd: 110
>
>
>
>
>
>
>

More information about the bind-users mailing list