While we do an nslookup for the GSLB Domain, intermittently, we are getting public IP of service B.

TestPC:~$ nslookup www.test.com 10.102.239.67
Server:                 10.10.10.10
Address:              10.10.10.10#53
 
Name:   www.test.com
Address: 192.168.1.100 --> View ip
 
TestPC:~$ nslookup www.test.com 10.102.239.67
Server:                 10.10.10.10
Address:              10.10.10.10#53
 
Name:   www.test.com
Address: 2.2.2.2 --> Public ip
 
TestPC:~$ nslookup www.test.com 10.102.239.67
Server:                 10.10.10.10
Address:              10.10.10.10#53
 
Name:   www.test.com
Address: 192.168.1.100

So as a workaround we can go ahead with these 2 solutions.

a) Use DNS Policies instead of Responder.
add dns policy dnsPol200ReqAGlobal "dns.REQ.QUESTION.TYPE.EQ(A)  && sys.CHECK_LIMIT(\"Limit200ReqAGlobal\")" dns_default_act_Drop

---

Problem Cause

This is caused due to a known Bug. When a responder policy with a rate limiting expression is bound to a DNS bindpoint, and DNS views are configured, the NetScaler appliance might fail to return an expected response to a GSLB domain query.

add ns limitIdentifier Limit200Reqs -threshold 300 -mode REQUEST_RATE -limitType SMOOTH -selectorName Top_CLIENTS -trapsInTimeSlice 1
add responder policy ReqAResPol200Global "dns.REQ.QUESTION.TYPE.EQ(A)  && sys.CHECK_LIMIT(\"Limit200Reqs\")" DROP
bind responder global ReqAResPol200Global 2000 END -type DNS_REQ_DEFAULT