Hi All,
Can we configure more than one Primary DNS Servers and Alternate DNS servers from ProxySG S400-30
Ex:
Primary DNS : 10.10.10.10,10.10.10.11,10.10.10.12
AlternateSecondary DNS : 10.10.10.13,10.10.10.15,10.10.10.17
Regards,
Ramu.
Domains hosted on all Citrix ADC MPX/SDX/VPX appliances in ADNS mode or proxy mode will continue to be accessible after DNS Flag Day without any performance impact.
Citrix ADC can be deployed in multiple modes for DNS traffic and the following table captures the impact in each mode.
| Deployment Mode | Test Result |
| DNS proxy mode with caching enabled | No impact on domain availability and performance. Overall minor impact is identified due to our approach of EDNS options handling |
| DNS proxy mode with caching disabled | |
| GSLB mode (zone same as GSLB domain) | |
| ADNS mode with authoritative zone | |
| Load Balancing virtual server with authoritative zone | |
| Resolver mode with authoritative zone | |
| Content Switching with authoritative zone | |
| DNS proxy mode with caching enabled with EDNS Client Subnet enabled on backend server | |
| DNS proxy mode with caching disabled with EDNS Client Subnet enabled on backend server | |
| GSLB with DNSSEC | |
| GSLB with EDNS Client Subnet enabled | |
| DNSSEC enabled ADNS |
If you test your application domain in https://dnsflagday.net/ portal, you could get the following result – “Minor problems detected!” (see Appendix A). This is because of our approach of EDNS options handling. It is assured that there will be no impact on domain availability and performance post DNS Flag Day.
Citrix ADC supports EDNS0 on all supported versions – 10.5, 11.0, 11.1, 12.0 and 12.1 – and you shall get the same result i.e. “Minor problems detected!” on all versions, if configured correctly.
We will release a build in future with all required EDNS standards and comply completely.If you are getting a result other than “All Ok!” or “Minor problems detected!” see next section on Citrix recommendation.
See Appendix B to find how to configure these entities on Citrix ADC.
If these steps do not give you a “Minor problems detected!” result, kindly contact Citrix Support.
Some examples of failure cases are given below:
Example 1: Test result: “Fatal error detected!”
Cause: This happens when test tool gets timeout on TCP queries.
Solution: Ensure that DNS_TCP type virtual server (in case of DNS proxy deployment) and ADNS_TCP service (in case of ADNS deployment) are up and running on Citrix ADC.
Example 2: Test result: “Serious problem detected!”
Cause: This is seen in cases when there is some network connectivity issue with the DNS server. Also, the result can change to “Minor problem detected!” intermittently.
Solution: Ensure there is no network connectivity issue with the server and recommended steps above are followed.
Testing domain on https://dnsflagday.net/ can give the following results:
CLI: add dns soarec <domain name> -originserver <> -contact <>
GUI: Citrix ADC GUI -> Configuration -> Traffic Management -> DNS -> Records -> SOA Records
CLI: add dns nsrec <domain name> <NS record>
GUI: Citrix ADC GUI -> Configuration -> Traffic Management -> DNS -> Records -> Name Server Records
CLI: add lb vserver <vserver name> DNS_TCP <IP> 53
GUI: Citrix ADC GUI -> Configuration -> Traffic Management -> Load Balancing -> Virtual Servers
CLI: add service <service name> <IP> ADNS_TCP 53
GUI: Citrix ADC GUI -> Configuration -> Traffic Management -> Load Balancing -> Services
Check and modify if relevant ,XMS configured DNS server(s) IP-addr
Example of XMS DNS server(s) configured IP_Addr:
xmcli (tech)> show-dns-servers
Primary: 10.64.224.1
Secondary: 10.64.224.2
Example of reconfiguring the XMS DNS server(s) IP_Addr
xmcli (tech)> show-dns-servers
Primary: 10.64.224.1
Secondary: 10.64.224.2
xmcli (tech)> modify-dns-servers secondary=””
xmcli (tech)> show-dns-servers
Primary: 10.64.224.1
Secondary: None
Note: You need to have a primary DNS server configured before adding or removing secondary DNS server
xmcli (admin)> show-dns-servers
Primary: none
Secondary: none
xmcli (tech)> modify-dns-servers secondary=”10.64.224.1″
The new secondary DNS server will be: “10.64.224.1”
Are you sure? (Yes/NO):yes
***XMX Completion Code: must_first_specify_primary_dns
| Article Number: 483305 | Article Version: 3 | Article Type: Break Fix |
VNX1 Series,VNX2 Series
Loss of access to NFS export when a host is added or removed to the host access list for that export.
All hosts were using either RedHat of CentOS.
When there is a huge list of hosts in the access list for an export, and those hosts are entered using Fully Qualified Domain Name (FQDN) instead of the IP address, it is possible that some DNS resolution timeouts appear, causing loss of access to the export to all the hosts in the list.
This loss of access can has being reported to last between 5-10 minutes in a export list with 167 hosts where there were 3 hosts that had no DNS resolution.
The issue started when customer deleted from DNS configuration some hosts that were retired.
It will be recommended to use a test Filesystem prior to apply this solution to production Filesystem
Check DNS resolution for each host in the export list. This can be achieved using “server_ping” command or more practical using “ping” from the Control Station if the Data Movers and Control Station have the same DNS server configured.
Remove from the export access list the hosts that failed to resolve DNS. Check adding or removing a host to the list, whether the access is lost.
| Article Number: 488027 | Article Version: 7 | Article Type: Break Fix |
Unity 300,Unity 300F,Unity 400,Unity 400F,Unity 500,Unity 500F,Unity 600,Unity 600F,Unity All Flash,Unity Family,Unity Hybrid,UnityVSA,UnityVSA (Virtual Storage Appliance),UnityVSA Professional Edition,UnityVSA VVols Edition,Unity Hybrid flash
Please note that the NAS server DNS settings are not affected by this issue.
Code upgrade to product 4.0.1.8194551 erases DNS settings, if the latter were entered manually (Settings -> Management -> DNS Servers: Manage Domain Name Servers -> Configure DNS server address manually). After upgrade the contents of file /etc/resolv.conf are not restored. It will stop the DNS name resolving and delete the domain name information from the system. In turn, it may affect networking services, including NTP and SMTP, and remove the system domain name from the management connection SSL certificate.
Due to a persistence of settings issue that may occur post upgrade to Unity OE (Operating Environment) 4.0.1.8194551, EMC decided to remove this Unity and UnityVSA release from support.emc.com
A revised OE release is available 4.0.1.8404134 Unity SP1.2
Customers who were planning to upgrade to 4.0.1.8194551 are suggested to wait to upgrade to the upcoming release.
For customers already running 4.0.1.8194551, please review that your DNS server preferences are set correctly under Unisphere > Settings > Management > DNS Server, and update as required.
Please contact EMC support if you have any questions – go to EMC Online Support at: https://Support.EMC.com. After logging in, locate ‘Create a service request’.
uemcli /net/dns/config set -nameServer <value>
uemcli –u service –p <service password> /service/system restart
After the last step you should be able to connect to the system by name again.
The latest release of SP1 contains the fix for this issue 4.0.1.84.04134
However, you can configure the GSLB virtual server to send an empty down response (enable EDR on GSLB Vserver). When this option is set, a DNS response from a GSLB virtual server that is in a DOWN state does not contain IP address records, and this prevents clients from attempting to connect to GSLB sites that are down.
https://docs.citrix.com/en-us/netscaler/10-1/ns-tmg-wrapper-10-con/netscaler-gslb-gen-wrapper-10-con/ns-gslb-protct-setup-against-fail-con.html
A DNS response can contain either the IP address of the requested domain or an answer stating that the IP address for the domain is not known by the DNS server, in which case the query is forwarded to another name server. These are the only possible responses to a DNS query.
When a GSLB virtual server is disabled or in a DOWN state, the response to a DNS query for the GSLB domain bound to that virtual server contains the IP addresses of all the services bound to the virtual server. However, you can configure the GSLB virtual server to in this case send an empty down response (EDR). When this option is set, a DNS response from a GSLB virtual server that is in a DOWN state does not contain IP address records, but the response code is successful. This prevents clients from attempting to connect to GSLB sites that are down.
Note: You must configure this setting for each virtual server to which you want it to apply.
At the command prompt, type:
set gslb vserver<name> -EDR (ENABLED | DISABLED)
Example
> set gslb vserver vserver-GSLB-1 -EDR ENABLED Done
This article contains information about configuring a DNS view for Global Server Load Balancing on a NetScaler appliance.
Based on the parameters that identify the client requests, you can use DNS views to control IP address returned in a DNS query. For example, you can use DNS views to control the client requests based in the source of the request. If the request is from a client within the LAN, then return a specific IP address. However, if the request is from a client from another network, then return another IP address.
You can configure DNS views to support only Global Server Load Balancing records. DNS views also support DNS proxy and ADNS deployments.
You must configure DNS policies on the NetScaler appliance to verify if a DNS view is applied. Consider the following points when configuring a DNS policy:
DNS policies are verified every time a client connection is made.
DNS policy should verify the condition applied to the connection. For example, if the client IP is in range 10.10.0.0/24, then apply a DNS view.
DNS policy must be bound globally.
You can apply priorities to the DNS policies. This influences the order of policy processing.
If a policy applies a view, then the statement returns the configured value.
Hi Guys,
I need some clarification on DNS queries by the client PC enabled with web proxy on its browser.
Whether the PC defined DNS servers will do DNS resolution or the proxy server does it while browsing websites?
If proxy server does the DNS resolution, what is the solution to get the DNS queries directly from the PC defined DNS servers?
Event ID 2 — DNS Server Service Status
Updated: November 13, 2007
Applies To: Windows Server 2008
The DNS Server service responds to requests from DNS client computers for name resolution services. Domain Name System (DNS) is a protocol that enables a computer to obtain the numeric IP address of another computer by submitting the target computer’s name to a DNS server. Problems with the DNS Server service can cause network performance to degrade or even prevent network computers from being able to locate each other.
Event Details
| Product: | Windows Operating System |
| ID: | 2 |
| Source: | Microsoft-Windows-DNS-Server-Service |
| Version: | 6.0 |
| Symbolic Name: | DNS_EVENT_STARTUP_OK |
| Message: | The DNS server has started. |
Resolve
This is a normal condition. No further action is required.
Related Management Information