Delegation of part of a zone to a global server load balancer

Mon Apr 7 22:17:39 UTC 2014

That’s what I was hoping to do, but I don’t seem to be able to get the
delegation bit working.  I’ve tried it with the load balances in the same
parent domain and in a different domain.  I’ve tried it delegating at
gslb…. And one level up.  But when I query the authoritative server
recursively, it gives me the root zone.

Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.gslb.aelabad.net
@ns3.aelabad.net +norecurse

; <<>> DiG 9.8.3-P1 <<>> outlook.gslb.aelabad.net @ns3.aelabad.net
+norecurse
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14134
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;outlook.gslb.aelabad.net.	IN	A

;; AUTHORITY SECTION:
outlook.gslb.aelabad.net. 1200	IN	NS	nsg3.aelabad.net.
outlook.gslb.aelabad.net. 1200	IN	NS	nsg4.aelabad.net.

;; ADDITIONAL SECTION:
nsg3.aelabad.net.	1200	IN	A	10.10.9.3
nsg4.aelabad.net.	1200	IN	A	10.10.9.4

;; Query time: 4 msec
;; SERVER: 10.1.9.34#53(10.1.9.34)
;; WHEN: Mon Apr  7 17:12:44 2014
;; MSG SIZE  rcvd: 112

Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.gslb.aelabad.net
@ns3.aelabad.net

; <<>> DiG 9.8.3-P1 <<>> outlook.gslb.aelabad.net @ns3.aelabad.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 988
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;outlook.gslb.aelabad.net.	IN	A

;; AUTHORITY SECTION:
net.			697	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1396908552
1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 10.1.9.34#53(10.1.9.34)
;; WHEN: Mon Apr  7 17:12:51 2014
;; MSG SIZE  rcvd: 115

On 4/7/14, 10:30 AM, "Mike Hoskins (michoski)" <michoski at cisco.com> wrote:

>In the past when doing this with Cisco GSS I followed Akamai's example,
>and had success with stuff like (gdns* were the CSS):
>
>; delegation of gslb.domain.com
>$TTL 172800     ; 2 days
>gdns1.domain.com.     A       a.b.c.d
>gdns2.domain.com.     A       e.f.g.h
>gdns3.domain.com.     A       i.j.k.l
>gdns4.domain.com.     A       m.n.o.p
>gdns5.domain.com.     A       q.r.s.t
>gdns6.domain.com.     A       u.v.w.x
>gslb.domain.com.      NS      gdns1.domain.com.
>gslb.domain.com.      NS      gdns2.domain.com.
>gslb.domain.com.      NS      gdns3.domain.com.
>gslb.domain.com.      NS      gdns4.domain.com.
>gslb.domain.com.      NS      gdns5.domain.com.
>gslb.domain.com.      NS      gdns6.domain.com.
>$TTL 3600       ; 1 hour
>$ORIGIN domain.com.
>; Hey we look like Akamai!
>gsstest                 CNAME   gsstest.domain.com.gslb.domain.com.
>
>
>...
>
># dig @8.8.8.8 gsstest.domain.com
>...
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3701
>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>...
>;; ANSWER SECTION:
>gsstest.domain.com.   3599    IN      CNAME
>gsstest.domain.com.gslb.domain.com.
>gsstest.domain.com.gslb.domain.com. 19 IN A ip.ad.dr.es
>...
>
>
>-----Original Message-----
>From: <McDonald>, Dan <Dan.McDonald at austinenergy.com>
>Date: Monday, April 7, 2014 at 10:16 AM
>To: Bind Users <bind-users at lists.isc.org>
>Subject: Delegation of part of a zone to a global server load balancer
>
>>What¹s the right way to delegate individual zone records to a ³global
>>server load balancer², which is just a simple DNS server that checks to
>>see if a server is up and if so adds the address to the rotation for
>>resolution.
>>
>>
>>I¹ve tried simple delegation using ns records, but I don¹t get
>>resolution.  In this example, nsg3 and 4 are my global server load
>>balancers for the outlook.aelabad.net zone,  and ns3.aelabad.net is the
>>start of authority for  the aelabad.net zone.
>>
>>
>>
>>
>>Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net +norecurse
>>@ns3.aelabad.net
>>
>>
>>; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net +norecurse @ns3.aelabad.net
>>;; global options: +cmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25051
>>;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
>>
>>
>>;; QUESTION SECTION:
>>;outlook.aelabad.net.IN A
>>
>>
>>;; AUTHORITY SECTION:
>>outlook.aelabad.net.1200 INNS nsg4.austin-energy.net.
>>outlook.aelabad.net.1200 INNS nsg3.austin-energy.net.
>>
>>
>>;; ADDITIONAL SECTION:
>>nsg3.austin-energy.net.918 INA 10.10.9.3
>>
>>
>>;; Query time: 1 msec
>>;; SERVER: 10.1.9.34#53(10.1.9.34)
>>;; WHEN: Mon Apr  7 09:05:42 2014
>>;; MSG SIZE  rcvd: 105
>>Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net
>>@nsg3.austin-energy.net
>>
>>
>>; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net @nsg3.austin-energy.net
>>;; global options: +cmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8783
>>;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>>
>>;; QUESTION SECTION:
>>;outlook.aelabad.net.IN A
>>
>>
>>;; ANSWER SECTION:
>>outlook.aelabad.net.10 INA 10.10.223.52
>>
>>
>>;; Query time: 3 msec
>>;; SERVER: 10.10.9.3#53(10.10.9.3)
>>;; WHEN: Mon Apr  7 09:03:03 2014
>>;; MSG SIZE  rcvd: 72
>>Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net
>>@ns3.aelabad.net
>>
>>
>>; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net @ns3.aelabad.net
>>;; global options: +cmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14770
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>
>>;; QUESTION SECTION:
>>;outlook.aelabad.net.IN A
>>
>>
>>;; AUTHORITY SECTION:
>>net.686 INSOA a.gtld-servers.net. nstld.verisign-grs.com. 1396879162 1800
>>900 604800 86400
>>
>>
>>;; Query time: 2 msec
>>;; SERVER: 10.1.9.34#53(10.1.9.34)
>>;; WHEN: Mon Apr  7 09:03:17 2014
>>;; MSG SIZE  rcvd: 110
>>
>>
>>
>>
>>
>>
>>
>
>_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe from this list
>
>bind-users mailing list
>bind-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users