Hendra Irawan1709154458
Posted September 25, 2017

Hi All,

Our environment requires its NetScaler VPX to function as a conditional forwarder only for a certain domain. Example: the NetScaler only forwards to another internal DNS server if the query name contains *.corp.domain.net. If the name request is for an external domain, or other domains, the request should be dropped.

For some reasons, we set the DNS server of the clients in the secure environment to point to the SNIP address of the NetScaler. The ADNS service has been configured on the NetScaler. If we manually add address records for *.corp.domain.net and their IP addresses, the client can resolve the name. Also, if we run "show dns addrec host1", then a new proxy record appears in the address records: host1.corp.domain.net. Then the client can resolve the address host1.corp.domain.net.

How can we make the client resolve all records in the corp.domain.net domain automatically, without running "show dns addrec <address record>" manually?

We have set "enable recursion" in the DNS settings, under Name Servers we added another internal DNS server, and under DNS Suffix we have added the "corp.domain.net" domain.

CarlStalhood
Posted September 25, 2017

Instead of ADNS, create a Load Balancing vServer for DNS protocol. Bind your internal DNS servers to the LB vServer. Then submit queries to the LB vServer.

Hendra Irawan1709154458 (Author)
Posted October 16, 2017

Hi Carl,

After searching, this requirement can be achieved by using a DNS responder policy and binding it to the vServer of the DNS server.

http://blog.norz.at/protect-a-dns-server-using-a-citrix-netscaler/

Mike Chomicz
Posted November 26, 2020

@Hendra Irawan1709154458 are you able to provide more details about your config? I'm looking to do what appears to be the same thing. The link you've provided only has the responder policy dropping requests to a given domain... how do you make it so it uses the NetScaler as a forwarder without having to manually run the show dns addrec command?

OM Kaewsaenchai
Posted June 16, 2022

On 11/27/2020 at 2:08 AM, Mike Chomicz said:

@Hendra Irawan1709154458 are you able to provide more details about your config? I'm looking to do what appears to be the same thing. The link you've provided only has the responder policy dropping requests to a given domain... how do you make it so it uses the NetScaler as a forwarder without having to manually run the show dns addrec command?

I know your struggle. Citrix eDocs is very poorly written, by lazy staff or someone who didn't really know the features.

You cannot just add a Subnet IP as ADNS and point lookups at that IP; it does not work. (It will only work for local ADNS where the NetScaler is ADNS, but it won't forward lookups for other external zones/records.)

What you need is:

1. Create a normal LB Virtual Server with Protocol = DNS, bound to a normal DNS service/service group. This is your external DNS forwarder.
2. At Traffic Management > DNS > Name Server, you must add the DNS vServer created in step 1 here. (This is important! It tells the NetScaler to go resolve via the external forwarder.)
3. At Traffic Management > DNS > xxxx: (1) create your NS record, (2) the SOA record, (3) the Zone with PROXY MODE = NO, which makes the NetScaler ADNS for that zone. ** You need to create them in this order: 1, 2, 3. ** You cannot create a Zone with PROXY MODE = NO without an SOA record.
4. Add any record types as required: A, MX, TXT, SRV, CNAME, etc.
5. All the clients point to the DNS VIP as the DNS server IP for lookups.

Edited June 16, 2022 by OM Kaewsaenchai: Add missing info.

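The forward-or-drop rule asked for in the first post (forward only names in corp.domain.net, drop everything else), modelled in Python as an added example that is not part of any post above and is not NetScaler configuration. The function names, the constructed query packets, and the choice to treat the zone apex itself as forwardable are assumptions of this sketch; it compares whole labels so a look-alike such as notcorp.domain.net is not treated as part of the zone.

```python
import struct

ALLOWED_ZONE = "corp.domain.net"  # zone from the thread; all other names are dropped


def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query packet (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_qname(packet):
    """Return the question name as a list of lowercase labels."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            return labels
        if length > 63:  # oversized label or compression pointer: reject
            raise ValueError("invalid label length")
        label = packet[pos + 1 : pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace").lower())
        pos += 1 + length


def decide(packet, zone=ALLOWED_ZONE):
    """Return 'forward' for names at or under the zone, otherwise 'drop'."""
    try:
        labels = parse_qname(packet)
    except ValueError:
        return "drop"  # malformed queries never reach the internal resolver
    zone_labels = zone.lower().rstrip(".").split(".")
    # Compare whole labels, not a raw string suffix.
    if len(labels) >= len(zone_labels) and labels[-len(zone_labels):] == zone_labels:
        return "forward"
    return "drop"
```

The same label-boundary and case-insensitivity checks are worth confirming against whatever expression a responder policy uses to match the query name.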