Is Citrix ADC impacted?
Domains hosted on all Citrix ADC MPX/SDX/VPX appliances in ADNS mode or proxy mode will continue to be accessible after DNS Flag Day without any performance impact.
Citrix ADC can be deployed in multiple modes for DNS traffic and the following table captures the impact in each mode.
|Deployment Mode|Test Result|
|DNS proxy mode with caching enabled|No impact on domain availability and performance. Overall minor impact is identified due to our approach of EDNS options handling.|
|DNS proxy mode with caching disabled| |
|GSLB mode (zone same as GSLB domain)| |
|ADNS mode with authoritative zone| |
|Load Balancing virtual server with authoritative zone| |
|Resolver mode with authoritative zone| |
|Content Switching with authoritative zone| |
|DNS proxy mode with caching enabled with EDNS Client Subnet enabled on backend server| |
|DNS proxy mode with caching disabled with EDNS Client Subnet enabled on backend server| |
|GSLB with DNSSEC| |
|GSLB with EDNS Client Subnet enabled| |
|DNSSEC enabled ADNS| |
If you test your application domain on the https://dnsflagday.net/ portal, you may get the following result – “Minor problems detected!” (see Appendix A). This is because of our approach to EDNS options handling. It is assured that there will be no impact on domain availability and performance after DNS Flag Day.
Citrix ADC supports EDNS0 on all supported versions – 10.5, 11.0, 11.1, 12.0 and 12.1 – and you will get the same result, i.e. “Minor problems detected!”, on all versions if configured correctly. We will release a build in the future that implements all required EDNS standards and complies completely.
If you are getting a result other than “All Ok!” or “Minor problems detected!”, see the next section on the Citrix recommendation.
What is Citrix Recommendation?
- Configure SOA and NS records for the zones you are authoritative for.
- If Citrix ADC is deployed in proxy mode, also configure a DNS_TCP type virtual server. Ensure that this virtual server is up and running.
- If Citrix ADC is deployed in ADNS mode, also configure an ADNS_TCP type service. Ensure that this service is up and running.
See Appendix B for how to configure these entities on Citrix ADC.
If these steps do not give you a “Minor problems detected!” result, kindly contact Citrix Support.
Example Failure Cases
Some examples of failure cases are given below:
Example 1: Test result: “Fatal error detected!”
Cause: This happens when the test tool times out on TCP queries.
Solution: Ensure that the DNS_TCP type virtual server (in a DNS proxy deployment) or the ADNS_TCP service (in an ADNS deployment) is up and running on Citrix ADC.
Example 2: Test result: “Serious problem detected!”
Cause: This is seen when there is a network connectivity issue with the DNS server. The result can also change to “Minor problem detected!” intermittently.
Solution: Ensure there is no network connectivity issue with the server and that the recommended steps above are followed.
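To check the TCP path from Example 1 yourself before running the portal test, the sketch below sends an SOA query carrying an EDNS0 OPT record over TCP/53 and reports the RCODE and whether the reply carries an OPT record. It is an added example, not Citrix code; the function names and the 1232-byte advertised payload size are assumptions made for illustration.

```python
import socket
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=6, txid=0x1234, edns=True):
    """Build a query (default type 6 = SOA), optionally with an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, class = UDP payload size, TTL = version 0, no options
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 0) if edns else b""
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past a name that may end in a compression pointer."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_response(msg):
    """Extract the RCODE, the TC flag and whether any record is an OPT RR."""
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    has_opt = False
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        has_opt = has_opt or rtype == 41
        pos += 10 + rdlen
    return {"rcode": flags & 0xF, "tc": bool(flags & 0x0200), "has_opt": has_opt}

def probe_tcp(server, name, timeout=3.0):
    """Query over TCP/53; None means timeout, refusal or a truncated reply."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            query = build_query(name)
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            reply = s.makefile("rb")
            (length,) = struct.unpack("!H", reply.read(2))
            return parse_response(reply.read(length))
    except (OSError, struct.error):
        return None
```

A `None` from `probe_tcp` against the virtual server or ADNS service IP corresponds to the TCP timeout case in Example 1; a reply with `rcode` 0 and `has_opt` true shows the TCP listener is answering EDNS0 queries.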
Testing domain on https://dnsflagday.net/ can give the following results:
Configuring SOA record
CLI: add dns soarec <domain name> -originserver <> -contact <>
GUI: Citrix ADC GUI -> Configuration -> Traffic Management -> DNS -> Records -> SOA Records
Configuring NS record
CLI: add dns nsrec <domain name> <NS record>
GUI: Citrix ADC GUI -> Configuration -> Traffic Management -> DNS -> Records -> Name Server Records
Configuring DNS_TCP type virtual server
CLI: add lb vserver <vserver name> DNS_TCP <IP> 53
GUI: Citrix ADC GUI -> Configuration -> Traffic Management -> Load Balancing -> Virtual Servers
Configuring ADNS_TCP type service
CLI: add service <service name> <IP> ADNS_TCP 53
GUI: Citrix ADC GUI -> Configuration -> Traffic Management -> Load Balancing -> Services