How to Delegate Zones from One NetScaler Appliance to Another
Article ID: CTX135580
Updated On:
Description
This article describes how to delegate Domain Naming System (DNS) zones from one NetScaler appliance to another.
Background
NetScaler appliances can be Authoritative Domain Name System (ADNS) servers and host delegated zones. In some scenarios, you might want to delegate a subdomain of the delegated zone to another NetScaler appliance.A zone entity on a NetScaler appliance facilitates the ownership of a domain on the appliance. It is also used in the context of DNS Security Extensions (DNSSEC).
If the NetScaler appliance is operating as an authoritative DNS server for a zone, then you must create Start of Authority (SOA) and name server (NS) records for the zone before you create the zone entity.Instructions
Delegation to the NetScaler Appliance
Refer to CTX122619 - DNS and GSLB Primer.
Delegation on a Windows Computer
Refer to http://technet.microsoft.com/en-us/library/cc794863(v=ws.10).aspx for Windows Delegation.
You can delegate a subdomain of a delegated zone from the NetScaler using any of the following methods:
Option 1: Using Zone Entities
From the stage.example.com zone, if you want to delegate lb.stage.example.com to a second layer NetScaler or DNS server, complete the following procedure:
-
Run the following command from the command line interface to setup the ADNS services on the NetScaler appliance:
Note: You can use these services with a GLSB configuration.
add service adnstest 10.217.245.103 ADNS 53 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO -appflowLog DISABLED add service adnstesttcp 10.217.245.103 ADNS_TCP 53 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO -appflowLog DISABLED
-
Add a SOA and NS record for stage.example.com and an Address record for the corresponding Name Server, as shown in the following screen shots:
add dns soaRec stage.example.com -originServer ns.stage.example.com -contact hostmaster.example.com add dns nsRec stage.example.com ns.stage.example.com add dns addRec ns.stage.example.com 10.217.245.103
-
Add a NetScaler record for lb.stage.example.com and an Address record for the corresponding Name Server:
add dns nsRec lb.stage.example.com nslb.stage.example.com add dns addRec nslb.stage.example.com 10.217.146.87
-
Ensure that you configure the stage.example.com zone with –proxyMode NO, because the NetScaler appliance is Authoritative for the zone:
add dns zone stage.example.com -proxyMode NO -
Ensure that you configure the lb.stage.example.com with –proxyMode YES:
Note: Because the appliance is set up as an ADNS server, this does not proxy the DNS requests.
add dns zone lb.stage.example.com -proxyMode YES
-
On the second layer NetScaler appliance, set up ADNS services and relevant SOA, NS, and Address records for the lb.stage.example.com zone:
add service adnstest 10.217.146.87 ADNS 53 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport NO -sp OFF -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO -appflowLog DISABLED add service adnstesttcp 10.217.146.87 ADNS_TCP 53 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO -appflowLog DISABLED add dns soaRec lb.stage.example.com -originServer nslb.stage.example.com -contact hostmaster.example.com add dns nsRec lb.stage.example.com nslb.stage.example.com add dns addRec nslb.stage.example.com 10.217.146.87
-
Run the following command to add the lb.stage.example zone:
add dns zone lb.stage.example.com -proxyMode NO
Option 2
Alternately, you can use the same configuration without the add dns zone command on either NetScaler appliances.Issue/Introduction
Additional Information
This configuration allows successful lookups of GSLB domains that matches the delegated zones.
