LinkProof DNS Quick Start Guide




TABLE OF CONTENTS

1 INTRODUCTION
2 SIMPLE SCENARIO: SINGLE LINKPROOF WITH EXTERNAL SOA
3 MODIFYING DNS ON THE EXTERNAL SOA
   3.1 REFERRING THE A RECORD RESOLUTION TO LINKPROOF
   3.2 ADDING A REDUNDANT (BACKUP) LINKPROOF DEVICE
4 COMPLETE SETUP: REDUNDANT LINKPROOF DEVICES WITH MULTIPLE INTERNAL SOAS

1 Introduction

To provide inbound load balancing and redundancy, LinkProof uses DNS resolution to control the flow of incoming traffic. This document describes how to configure LinkProof with DNS. It assumes that:

- You are familiar with configuring LinkProof's interface addresses and Next Hop Routers. For more information on setting up LinkProof, refer to the LinkProof User Guide.
- You have a working knowledge of DNS. For more information on DNS, refer to DNS and BIND, published by O'Reilly & Associates.
- You have familiarity with setting up redundancy.

Although LinkProof has a built-in DNS agent, it is not a full DNS server. It cannot answer queries for NS records, CNAMEs, or MX records. Only record requests that match URLs listed in the LinkProof DNS > Name to Local IP table receive a response.

2 Simple Scenario: Single LinkProof with External SOA

This section describes a typical (simple) scenario for configuring LinkProof with an external SOA (see Figure 1). COMPANY.COM has one internet link, ISP1. This ISP currently answers all requests for www.company.com. With the installation of a new internet link, COMPANY adds a LinkProof device.

Note: The examples in this document use non-routable addresses. An actual installation would require public, routable addresses.

Figure 1: Single LinkProof with External SOA

To set up a single LinkProof device with external SOA

1. Set up static NAT addresses for the Web server using the following LinkProof panes:

   LinkProof > Global Configuration > Enable Smart Nat
   LinkProof > SmartNAT > Static NAT > Insert rows

   Because LinkProof handles the public addresses in this example, use the following static NAT settings:

   STATIC NAT       ROUTER   LOCAL SERVER
   192.168.1.100    ISP1     172.16.1.100
   10.1.1.100       ISP2     172.16.1.100

2. Configure DNS to Local IP using LinkProof > DNS > Name to Local IP.

   URL                LOCAL IP ADDRESS
   www.company.com    172.16.1.100

   Note: Use the internal address of the server, not the static NAT addresses. This enables LinkProof to answer queries for www.company.com, and lookups directed to the LinkProof device interfaces return static NAT addresses (such as 192.168.1.10 and 10.1.1.10).

Because most of the world will be querying ISP1's DNS server, you have to modify the zone file so that the requests go to the LinkProof device.

3 Modifying DNS on the External SOA

The original zone file for COMPANY.COM on ISP1's DNS server might look like the following example:

    COMPANY.COM
    @           IN  SOA  ns.company.com
                IN  MX   mail
    WWW         IN  A    192.168.1.100
    MAIL        IN  A    192.168.1.101

3.1 Referring the A Record Resolution to LinkProof

Make the following changes to the zone file:

    COMPANY.COM
    @           IN  SOA  ns.company.com
                IN  MX   mail
    WWW         IN  NS   linkproof1
    WWW         IN  NS   linkproof2
    MAIL        IN  NS   linkproof1
    MAIL        IN  NS   linkproof2
    LINKPROOF1  IN  A    192.168.1.10
    LINKPROOF2  IN  A    10.1.1.10

This delegates the final answer to LinkProof. Initially, the client queried the DNS server and received the IP address. Now, the client queries the DNS server, which tells the client to query the LinkProof device at one of the ISP interface addresses. The client then queries the LinkProof interface IP address, and is given the static NAT address for www.company.com, choosing the best route to establish the connection based on load balancing or proximity.

Two NS records are used and returned to the client because the external DNS server is not aware if either of the links is down. Providing both ISP interfaces for LinkProof as A records is necessary to properly delegate the query. The SOA can be made to round robin the NS records it provides so that DNS queries are actively sent to each ISP.

Note: In Windows 2000, adding an NS record is called New Delegation.

The following is a summary of the query flows in this configuration:

   Client (to ISP):  Where is www.company.com?
   ISP DNS:          Does not know, ask LinkProof1.company.com or LinkProof2.company.com. (This is the delegation)
   Client (to ISP):  Where is LinkProof1.company.com?
   ISP DNS:          192.168.1.10
   Client (to LP1):  Where is www.company.com?
   LinkProof 1:      192.168.1.100

The same zone file would apply to multiple DNS servers, so that COMPANY.COM can register ISP1's DNS server as well as ISP2's DNS server as the SOA (thus eliminating an additional point of failure).

3.2 Adding a Redundant (Backup) LinkProof Device

Adding a backup LinkProof is straightforward and does not require many changes to the configuration as described in Section 3.1 Referring the A Record Resolution to LinkProof. The changes entail duplicating on the backup device the static NAT addresses that exist on the primary device (setting them to backup mode) and the DNS to Local IP table.

To add a redundant (backup) LinkProof device

1. Create a DNS virtual IP address. This is an additional, unique IP address for each ISP subnet. On the primary device, you create the following entries using LinkProof > DNS > DNS Virtual IP:

    COMPANY.COM
    @           IN  SOA  ns.company.com
                IN  MX   mail
    WWW         IN  NS   linkproof1
    WWW         IN  NS   linkproof2
    MAIL        IN  NS   linkproof1
    MAIL        IN  NS   linkproof2
    LINKPROOF1  IN  A    192.168.1.11
    LINKPROOF2  IN  A    10.1.1.11

2. On the backup device, the same entries are created, but the mode is set to backup.

The zone file shows that the LINKPROOF1 and LINKPROOF2 IP addresses are now n.n.n.11 instead of n.n.n.10.

4 Complete Setup: Redundant LinkProof Devices with Multiple Internal SOAs

If COMPANY.COM requires adding a second firewall and bringing the SOA in-house, the firewalls themselves run DNS services, and DNS requests should be load-balanced between them.

Note: This also applies if the DNS servers are behind a DMZ.

Figure 2 illustrates the configuration for such a network. This configuration assumes the firewalls answer DNS on a unique IP address, rather than their interface addresses, and NAT traffic from the internal LAN to a unique IP address. In this way, LinkProof can differentiate outbound LAN traffic from inbound DNS or Web requests. While it is possible that all traffic (in and out) can be translated to the firewall's interface address, such a setup is covered separately in this document.

Figure 2: Redundant LinkProof Devices with Multiple Internal SOAs

The following are the interface, DNS, and NAT settings for this configuration:

   Name          Interface Address   DNS Address     NAT address
   FIREWALL-A    172.168.1.30        172.168.1.40    172.168.1.50
   FIREWALL-B    172.168.1.31        172.168.1.41    172.168.1.51

To configure a redundant LinkProof device with multiple internal SOAs

1. Create a Virtual IP rather than the static NATs configured in Section 3.1 Referring the A Record Resolution to LinkProof. From the LinkProof > Virtual IP pane, define a single, private IP address (172.168.1.100) which is mapped to the DNS addresses on each firewall (172.168.1.40 and 172.168.1.41).

2. Create a Static NAT address for each ISP subnet, and use the Virtual IP as the local server using the LinkProof > Smart NAT > Static NAT pane. These two static NAT entries are registered as the SOA name servers with Network Solutions.

Note: If you are using internal DNS servers, you need to modify the LinkProof proximity parameters. Because an internal DNS server queries LinkProof for the A record, you configure LinkProof to ignore proximity calculations to these servers (otherwise, LinkProof calculates proximity for the internal subnet).

When DNS requests from the Internet arrive at the static NAT addresses, they are load balanced between the two firewalls (using the same algorithm that is used for NHR load balancing). Each firewall is configured with a zone file similar to the one in Section 3.1 Referring the A Record Resolution to LinkProof, so that the handling of the A record (the final, destination IP address) is referred to LinkProof's interface (or virtual DNS address).
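Added example (not part of the original guide, and not Radware code): a small Python model of the Section 3.1 referral, built from the guide's sample zone file, static NAT table and Name to Local IP table. It shows why both NS records are needed when a link is down, and it flags names delegated to LinkProof that have no Name to Local IP entry, since the agent answers only names in that table. The function names and the link selection rule (first link that is up) are assumptions standing in for LinkProof's load balancing and proximity logic.

```python
# Added example: constructed model of the Section 3.1 delegation (sample addresses).

# Parent zone on the ISP DNS server: NS delegations plus glue A records.
PARENT_NS = {
    "www.company.com":  ["linkproof1.company.com", "linkproof2.company.com"],
    "mail.company.com": ["linkproof1.company.com", "linkproof2.company.com"],
}
GLUE = {"linkproof1.company.com": "192.168.1.10",
        "linkproof2.company.com": "10.1.1.10"}

# LinkProof side: interface -> link, Name to Local IP, and static NAT tables.
IFACE_LINK = {"192.168.1.10": "ISP1", "10.1.1.10": "ISP2"}
NAME_TO_LOCAL = {"www.company.com": "172.16.1.100"}
STATIC_NAT = {("ISP1", "172.16.1.100"): "192.168.1.100",
              ("ISP2", "172.16.1.100"): "10.1.1.100"}


def linkproof_answer(name, links_up):
    """A-record answer from the LinkProof DNS agent, or None (no response)."""
    local = NAME_TO_LOCAL.get(name)
    if local is None:
        return None  # not in Name to Local IP: the agent does not answer
    for link in sorted(links_up):  # assumed stand-in for load balancing
        if (link, local) in STATIC_NAT:
            return STATIC_NAT[(link, local)]
    return None


def resolve(name, links_up):
    """Follow the referral: ISP DNS -> LinkProof interface -> static NAT."""
    trace = []
    for ns in PARENT_NS.get(name, []):
        addr = GLUE.get(ns)
        if addr is None or IFACE_LINK[addr] not in links_up:
            trace.append(f"{ns} ({addr}): unreachable")
            continue
        answer = linkproof_answer(name, links_up)
        trace.append(f"{ns} ({addr}): {answer}")
        return answer, trace
    return None, trace


def unanswerable_delegations():
    """Names delegated to LinkProof that its agent has no table entry for."""
    return sorted(n for n in PARENT_NS if n not in NAME_TO_LOCAL)


if __name__ == "__main__":
    print(resolve("www.company.com", {"ISP2"}), unanswerable_delegations())
```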
