This article describes the DNS request flow differences between Global Server Load Balancing (GSLB) ADNS and DNS proxy solutions.

GSLB ADNS Solution DNS Request Flow Chart

The preceding diagram is an example that sets up two NetScaler appliances with GSLB. When a user wants to access support.example.com, the DNS hierarchy directs the request to one of the NetScaler appliances based on the user's geographic location. The preceding diagram shows the DNS request flow using a GSLB ADNS solution:

1. When a client tries to resolve “support.example.com”, it first sends a DNS request to one of the "root." name servers (for example, 10.10.128.30) and receives a reply for the "com." name server's IP address 10.10.112.30.

2. The client sends a DNS request to "com." name server 10.10.112.30 and receives a reply with the "example.com." name server 10.10.178.77.

3. At "example.com.", name server 10.10.178.77 needs two name server entries for the subdomain "support." "example.com." as:
   support.example.com.: name server 10.10.178.15
   support.example.com.: name server 10.10.178.16
   When the client queries support.example.com, it returns one of the subdomain IP addresses 10.10.178.15 or 10.10.178.16, which are the NetScaler GSLB systems.

4. Assume that the client receives 10.10.178.16 from Step 3. Because ADNS service IP address at NS-GSLB site B is configured to 10.10.178.16, the client sends the DNS request to this NetScaler.

5. The DNS request comes into NS-GSLB site B. Then, because the request domain support.example.com is the same as configured for the GSLB virtual server, GSLB ADNS returns the correct GSLB service IP address, based on its GSLB decision, to the client. This example returns 10.217.146.40 or 10.217.146.45.

6. Steps 6 and 7 in the preceding diagram is the same as Steps 4 and 5, when the DNS request is directed to NS-GSLB site A from Step 3.

GSLB DNS Proxy Solution DNS Request Flow Chart

The preceding diagram is an example that sets up two NetScaler appliances with GSLB. When a user wants to access support.example.com, the DNS hierarchy directs the request to one of the NetScalers based on the user's geographic location. The preceding diagram shows the DNS request flow using a GSLB ADNS solution:

1. When a client tries to resolve support.example.com, it first sends a DNS request to one of the "root." name servers (for example, 10.10.128.30 ) and receives a reply for the "com." name server IP 10.10.112.30.

2. The client sends DNS request to "com." name server 10.10.112.30 and receives a reply with the "example.com." The GSLB DNS proxy solution needs two name server entries at the "com." name server for example.com.:
   example.com.: NS 10.10.178.77
   example.com.: NS 10.10.178.78

3. Assume that the client receives 10.10.178.78 from Step 2. Because the DNS virtual server IP address at NS-GSLB site B is configured to 10.10.178.78, the client sends the DNS request to this NetScaler appliance.

4. The DNS request comes into NS-GSLB site B. Then, because the request domain support.example.com is the same as configured for the GSLB virtual server, GSLB ADNS returns the correct GSLB service IP address to the client. This example returns 10.217.146.40 or 10.217.146.45.
   Note: Most importantly, the DNS request stops here and is not forwarded to the back end external or internal DNS name servers.

5. Steps 5 and 6 in the preceding diagram is the same as Steps 3 and 4, when the DNS request is directed to NS-GSLB site A from Step 2.

GSLB DNS Proxy Solution DNS Request Flow Chart when the Client DNS Request Domain is not GSLB Domain

In the preceding diagram, continue with the DNS proxy flow chart if the client DNS request is not for GSLB domain. Then, it is forwarded to the back end external or internal DNS name server.

1. When a client tries to resolve news.example.com, it first sends a DNS request to one of the "root." name servers (for example, 10.10.128.30) and receives a reply for the "com." name server IP address 10.10.112.30.

2. The client sends the DNS request to "com." name server 10.10.112.30 and receives a reply with the "example.com." The GSLB DNS proxy solution needs two name server entries at the "com." name server for example.com.:
   example.com.: NS 10.10.178.77
   example.com.: NS 10.10.178.78

3. Assume that the client receives 10.10.178.78 from Step 2. Because the DNS virtual server IP address at NS-GSLB site B is configured to 10.10.178.78, the client sends the DNS request to this NetScaler appliance.

4. The DNS request comes into NS-GSLB site B. Then, because the request domain news.example.com is different than GSLB virtual server domain support.example.com, the GSLB virtual server does not return any IP address and the DNS request is forwarded to the back end external or Internal DNS1 name server or DNS2 name server. Then, one of the external or internal DNS name servers returns the IP address, in this example, 10.217.146.80 to the client.

5. Steps 5 and 6 in the preceding diagram is the same as Steps 3 and 4 when the DNS request is directed to NS-GSLB site A from Step 2.

Additional Resources

You can use dig +trace to see the DNS request flow information:
C:\download\dns\dig-files>dig @192.168.0.1 support.example.com. +trace

; <<>> DiG 9.3.2 <<>> @192.168.0.1 support.example.com. +trace
; (1 server found)
;; global options: printcmd
.                       434397  IN      NS      J.ROOT-SERVERS.NET.
.                       434397  IN      NS      E.ROOT-SERVERS.NET.
.                       434397  IN      NS      K.ROOT-SERVERS.NET.
.                       434397  IN      NS      H.ROOT-SERVERS.NET.
.                       434397  IN      NS      G.ROOT-SERVERS.NET.
.                       434397  IN      NS      C.ROOT-SERVERS.NET.
.                       434397  IN      NS      F.ROOT-SERVERS.NET.
.                       434397  IN      NS      L.ROOT-SERVERS.NET.
.                       434397  IN      NS      B.ROOT-SERVERS.NET.
.                       434397  IN      NS      M.ROOT-SERVERS.NET.
.                       434397  IN      NS      A.ROOT-SERVERS.NET.
.                       434397  IN      NS      D.ROOT-SERVERS.NET.
.                       434397  IN      NS      I.ROOT-SERVERS.NET.
;; Received 228 bytes from 192.168.0.1#53(192.168.0.1) in 15 ms

com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
;; Received 508 bytes from 10.10.128.30#53(J.ROOT-SERVERS.NET) in 421 ms

example.com.             172800  IN      NS      drextdns01.example.com.
example.com.             172800  IN      NS      hqextdns04.example.com.
example.com.             172800  IN      NS      hqextdns05.example.com.
;; Received 159 bytes from 10.10.112.30#53(H.GTLD-SERVERS.NET) in 281 ms

support.example.com.     3600    IN      A       10.217.146.40
;; Received 52 bytes from 10.10.138.77#53(drextdns01.example.com) in 78 ms

Note: This article shows some public IP addresses as internal IP addresses, like 10.10.x.x, for documentation purposes.