10-26-2001 10:57 AM
Our Intranet includes two datacenters with a CSS at each datacenter. Each CSS has a circuit to the LAN at that datacenter as well as a circuit to the CSS at the other datacenter via ATM. The problem we are having is with sites that are Global Server Load Balanced by the CSSs. Depending on where the client sits on the network and how the OSPF routing tables look, a client could send a DNS request to one interface on the CSS and get the response from the other interface. When this happens, the DNS response has a source IP of the second interface which looks like a spoof to the client.
I am wondering if anyone else has had this problem and what you have done to fix it. We are considering removing the ATM link between the two CSSs but it is nice to have. In my opinion, the CSS needs to be "fixed" to always source the DNS response with the IP address that it received the request on. In fact, the DNS RFC specifies that DNS servers must do this.
Any thoughts would be appreciated.
Thanks,
Norman Ackroyd
Web Infrastructure Specialist
11-04-2001 09:00 PM
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Thank you for posting.
11-08-2001 12:50 PM
I think your describing the default dns balancing method of roundrobin. Our configurations did exactly the same thing until I added a "dnsbalance perferlocal" in the rules.
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_410/bsccfggd/owners.htm#22226
Hope I've understood the problem from your description.
Todd Roark
Sr. Network Engineer
Kinder Morgan Inc.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide