Configure the Citrix ADC appliance as a DNS proxy server
As a DNS proxy server, the ADC appliance can function as a proxy for either a single DNS server or a group of DNS servers. The flow of requests and responses is illustrated in the following sample topology diagram.
Figure 1. Citrix ADC as DNS proxy
By default, the Citrix ADC appliance caches responses from DNS name servers. When the appliance receives a DNS query, it checks for the queried domain in its cache. If the address for the queried domain is present in its cache, the Citrix ADC returns the corresponding address to the client. Otherwise, it forwards the query to a DNS name server that checks for the availability of the address and returns it to the Citrix ADC. The Citrix ADC then returns the address to the client.
For requests for a domain that has been cached earlier, the Citrix ADC serves the Address record of the domain from the cache without querying the configured DNS server.
The appliance discards a record stored in its cache when the time-to-live (TTL) value of the record reaches the configured value. A client that requests an expired record has to wait until the Citrix ADC retrieves the record from the server and updates its cache. To avoid this delay, the Citrix ADC proactively updates the cache by retrieving the record from the server before the record expires.
The following table lists sample names and the values of the entities that need to be configured on the Citrix ADC.
Table 1. Example of DNS Proxy Entity Configuration

| Entity type | Name | IP address | Type | Port |
| --- | --- | --- | --- | --- |
| LB virtual server | Vserver-DNS-1 | 10.102.29.40 | DNS | 53 |
| Services | Service-DNS-1 | 10.102.29.50 | DNS | 53 |
| Services | Service-DNS-2 | 10.102.29.51 | DNS | 53 |
The following diagram shows the entities of a DNS Proxy and the values of the parameters to be configured on the Citrix ADC.
Figure 2. DNS Proxy Entity Model
Note: To configure DNS proxy, you need to know how to configure load balancing services and virtual servers.
Create a load balancing virtual server
To configure a DNS Proxy on the Citrix ADC, configure a load balancing virtual server of type DNS. To configure a DNS virtual server to load balance a set of DNS servers that support recursive queries, you must set the Recursion Available option. With this option, the RA bit is set to ON in the DNS replies from the DNS virtual server.
For instructions on creating a load balancing virtual server, see “Load Balancing”.
Create DNS services
After creating a load balancing virtual server of type DNS, you must create DNS services. You can add, modify, enable, disable, and remove a DNS service. For instructions on creating a DNS service, see “Load Balancing”.
Bind a load balancing virtual server to DNS services
To complete the DNS Proxy configuration, you must bind the DNS services to the load balancing virtual server. For instructions on binding a service to a load balancing virtual server, see “Load Balancing”.
Configure the DNS proxy setup to use TCP
Some clients use the User Datagram Protocol (UDP) for DNS communications. However, UDP specifies a maximum packet size of 512 bytes. When payload lengths exceed 512 bytes, the client must use the Transmission Control Protocol (TCP). When a client sends the Citrix ADC appliance a DNS query, the appliance forwards the query to one of the name servers. If the response is too large for a UDP packet, the name server sets the truncation bit in its response to the Citrix ADC. The truncation bit indicates that the response is too large for UDP and that the client must send the query over a TCP connection. The Citrix ADC relays the response to the client with the truncation bit intact and waits for the client to initiate a TCP connection with the IP address of the DNS load balancing virtual server, on port 53. The client sends the request over a TCP connection. The Citrix ADC appliance then forwards the request to the name server and relays the response to the client.
To configure the Citrix ADC to use the TCP protocol for DNS, you must configure a load balancing virtual server and services, both of type DNS_TCP. You can configure monitors of type DNS_TCP to check the state of the services. For instructions on creating DNS_TCP virtual servers, services, and monitors, see “Load Balancing.”
For updating the records proactively, the Citrix ADC uses a TCP connection to the server to retrieve the records.
Important: To configure the Citrix ADC to use UDP for DNS and use TCP only when the UDP payload length exceeds 512 bytes, you must configure both DNS and DNS_TCP services. The IP address of the DNS_TCP service must be the same as that of the DNS service.
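The following Python helper is an added example, not code from Citrix or from the appliance; it shows the two header bits this section relies on, RA (set when Recursion Available is on) and TC (the truncation bit the appliance relays intact), and the 2-byte length prefix a client must add when it re-sends the query over TCP. The transaction ID, domain name and flag combinations are constructed sample values.

```python
import struct

# Flag bits in the second 16-bit word of a DNS header (RFC 1035, section 4.1.1)
QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080


def build_header(txid: int, flags: int, qd=1, an=0, ns=0, ar=0) -> bytes:
    """Pack the 12-byte DNS header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT."""
    return struct.pack("!HHHHHH", txid, flags, qd, an, ns, ar)


def encode_qname(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(txid: int, name: str) -> bytes:
    """A recursive (RD) query for an A record, the shape a stub resolver sends to the DNS vserver."""
    return build_header(txid, RD) + encode_qname(name) + struct.pack("!HH", 1, 1)


def parse_flags(msg: bytes) -> dict:
    """Return the header bits a proxy client cares about: QR, TC, RD, RA."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    _, flags = struct.unpack("!HH", msg[:4])
    return {"qr": bool(flags & QR), "tc": bool(flags & TC),
            "rd": bool(flags & RD), "ra": bool(flags & RA)}


def needs_tcp_retry(udp_response: bytes) -> bool:
    """True when a response carries TC, so the client must re-send over TCP to the vserver on port 53."""
    f = parse_flags(udp_response)
    return f["qr"] and f["tc"]


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with its big-endian 2-byte length (RFC 1035, section 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


# Constructed samples: a truncated response relayed by the appliance (QR, RD, RA, TC set)
# and a complete one with a single answer record (sections beyond the header omitted).
SAMPLE_TRUNCATED = build_header(0x1234, QR | RD | RA | TC)
SAMPLE_OK = build_header(0x1234, QR | RD | RA, an=1)
```

Checking `parse_flags(...)["ra"]` on a reply from the vserver is a quick way to confirm the Recursion Available option took effect.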
Configure time-to-live values for DNS entries
The TTL is the same for all DNS records with the same domain name and record type. If the TTL value is changed for one of the records, the new value is reflected in all records of the same domain name and type. The default TTL value is 3600 seconds. The minimum is 0, and the maximum is 604800. If a DNS entry has a TTL value less than the minimum or greater than the maximum, it is saved as the minimum or maximum TTL value, respectively.
Specify the minimum and/or maximum TTL by using the CLI
At the Citrix ADC command prompt, type the following commands to specify the minimum and maximum TTL and verify the configuration:
- set dns parameter [-minTTL <secs>] [-maxTTL <secs>]
- show dns parameter

Example:

```
> set dns parameter -minTTL 1200 -maxTTL 1800
Done
> show dns parameter
DNS parameters:
DNS retries: 5
Minimum TTL: 1200 Maximum TTL: 1800
.
.
.
Done
>
```
Specify the minimum and/or maximum TTL by using the GUI
- Navigate to Traffic Management > DNS.
- In the details pane, under Settings, click Change DNS settings.
- In the Configure DNS Parameters dialog box, in TTL, in the Minimum and Maximum text boxes, type the minimum and maximum time to live (in seconds), respectively, and then click OK.
Note: When the TTL expires, the record is deleted from the cache. The Citrix ADC proactively contacts the servers and obtains the DNS record just before the DNS record expires.
Flush DNS records
You can delete all DNS records present in the cache. For example, you might want to flush DNS records when a server is restarted after modifications are made.
Delete all proxy records by using the CLI
At the Citrix ADC command prompt, type:
flush dns proxyRecords
Delete all proxy records by using the GUI
- Navigate to Traffic Management > DNS > Records.
- In the details pane, click Flush Proxy Records.
Add DNS resource records
You can add DNS records to a domain for which the Citrix ADC appliance is configured as a DNS proxy server. For information about adding DNS records, see Configuring DNS Resource Records.
Remove a load balancing DNS virtual server
For information about removing a load balancing virtual server, see Load Balancing.
Limit the number of concurrent DNS requests on a client connection
You can limit the number of concurrent DNS requests on a single client connection, which is identified by the <clientip:port>-<vserver ip:port> tuple. Concurrent DNS requests are those requests that the Citrix ADC appliance has forwarded to the name servers and for which the appliance is awaiting responses. Limiting the number of concurrent requests on a client connection enables you to protect the name servers when a hostile client attempts a Distributed Denial of Service (DDoS) attack by sending a flood of DNS requests. When the limit for a client connection is reached, subsequent DNS requests on the connection are dropped until the outstanding request count goes below the limit. This limit does not apply to the requests that the Citrix ADC appliance serves out of its cache.
The default value for this parameter is 255. This default value is sufficient in most scenarios. If the name servers serve a large number of concurrent DNS requests under normal operating conditions, you can specify either a large value or a value of zero (0). A value of 0 disables this feature and specifies that there is no limit to the number of DNS requests that are allowed on a single client connection. This is a global parameter and applies to all the DNS virtual servers that are configured on the Citrix ADC appliance.
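The following Python model is an added example, not Citrix code, that makes the semantics of two `set dns parameter` settings concrete: the minTTL/maxTTL clamp described under "Configure time-to-live values for DNS entries" and the per-connection maxPipeline limit described above. The connection tuples, query counts and the limiter's bookkeeping are constructed for illustration; the appliance's internal implementation is not public and is not reproduced here.

```python
from dataclasses import dataclass, field

# Defaults stated in the documentation
DEFAULT_MIN_TTL, DEFAULT_MAX_TTL, DEFAULT_MAX_PIPELINE = 0, 604800, 255


def clamp_ttl(ttl: int, min_ttl: int = DEFAULT_MIN_TTL, max_ttl: int = DEFAULT_MAX_TTL) -> int:
    """A record TTL below minTTL or above maxTTL is stored as that bound instead."""
    return max(min_ttl, min(ttl, max_ttl))


@dataclass
class PipelineLimiter:
    """Models maxPipeline: cap on forwarded-but-unanswered queries per client connection.

    A connection is the (client ip:port, vserver ip:port) tuple; max_pipeline == 0 means no limit.
    """
    max_pipeline: int = DEFAULT_MAX_PIPELINE
    outstanding: dict = field(default_factory=dict)  # connection tuple -> in-flight count
    dropped: int = 0

    def on_query(self, conn, cache_hit: bool) -> str:
        # Answers served from the proxy cache never count against the limit
        if cache_hit:
            return "served_from_cache"
        n = self.outstanding.get(conn, 0)
        if self.max_pipeline and n >= self.max_pipeline:
            self.dropped += 1          # limit reached: the query is dropped, not queued
            return "dropped"
        self.outstanding[conn] = n + 1
        return "forwarded"

    def on_response(self, conn) -> None:
        # A name server answered: one slot on this connection is free again
        if self.outstanding.get(conn, 0) > 0:
            self.outstanding[conn] -= 1


def simulate_flood(limiter: PipelineLimiter, conn, queries: int) -> dict:
    """Send `queries` uncached requests on one connection with no responses arriving; count outcomes."""
    results = [limiter.on_query(conn, cache_hit=False) for _ in range(queries)]
    return {"forwarded": results.count("forwarded"), "dropped": results.count("dropped")}


# Constructed sample connections: one flooding client and one normal client behind the same vserver
FLOODER = (("198.51.100.7", 40000), ("10.102.29.40", 53))
NORMAL = (("198.51.100.8", 40001), ("10.102.29.40", 53))
```

With the default limit, `simulate_flood(PipelineLimiter(), FLOODER, 300)` forwards 255 queries and drops 45, while `NORMAL` is unaffected because the count is kept per connection tuple.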
Specify the maximum number of concurrent DNS requests allowed on a single client connection by using the CLI
At the command prompt, type the following commands to specify the maximum number of concurrent DNS requests allowed on a single client connection and verify the configuration:
- set dns parameter -maxPipeline <positive_integer>
- show dns parameter

Example:

```
> set dns parameter -maxPipeline 1000
Done
> show dns parameter
DNS parameters:
DNS retries: 5
.
.
.
Max DNS Pipeline Requests: 1000
Done
```
Specify the maximum number of concurrent DNS requests allowed on a single client connection by using the GUI
- Navigate to Traffic Management > DNS.
- In the details pane, click Change DNS settings.
- In the Configure DNS Parameters dialog box, specify a value for Max DNS Pipeline Requests.
- Click OK.