Configuring a Global DNS policy
The Global DNS policy is a rulebase that matches traffic to DNS zones. Traffic that matches both source and destination criteria is served by the policy. Traffic that does not match any policy is served by the DNS “general settings” configuration.
Before you begin:
You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
You must have configured address objects, remote servers, DNS zones, and optional configuration objects you want to specify in your policy.
You must have Read-Write permission for Global DNS Load Balance settings.
To configure the global DNS policy rulebase:
1. Go to Global DNS Server > Global DNS Policy.
The configuration page displays the Global DNS Policy tab.
2. Click Add to display the configuration editor.
3. Complete the configuration as described in Table 34.
4. Save the configuration.
5. Reorder rules, as necessary.
Table 34: DNS policy configuration

| Settings | Guidelines |
| --- | --- |
| Name | Unique name. No spaces or special characters. After you initially save the configuration, you cannot edit the name. |
| Source | Select an address object to specify the source match criteria. See “Configuring an address group”. |
| Destination | Select an address object to specify the destination match criteria. See “Configuring an address group”. |
| Zone List | Select one or more zone configurations to serve DNS requests from matching traffic. See “Configuring DNS zones”. |
| DNS64 List | Select one or more DNS64 configurations to use when resolving IPv6 requests. See “Configuring DNS64”. |
| Recursion | Enables/disables recursion. If enabled, the DNS server attempts to do all the work required to answer the query. If not enabled, the server returns a referral response when it does not already know the answer. |
| DNSSEC | Enables/disables DNSSEC. |
| DNSSEC Validation | Enables/disables DNSSEC validation. |
| Forward | First: The DNS server queries the forwarders list before doing its own DNS lookup. Only: Only queries the forwarders list. Does not perform its own DNS lookups. |
| Forwarders | If the DNS server zone has been configured as a forwarder, select the remote DNS servers to which it forwards requests. See “Configuring remote DNS servers”. |
| Response Rate Limit | Select a rate limit configuration object. See “Configuring the response rate limit”. |
| Reordering | After you have saved a rule, reorder rules as necessary. The rules table is consulted from top to bottom. The first rule that matches is applied and subsequent rules are not evaluated. |
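
The first-match behavior described under Reordering means a broad rule placed above a narrower one silently overrides it, including its Recursion setting. The following is an added example, not product code or configuration: it models the rulebase in Python to show first-match evaluation and to flag shadowed rules before you reorder them. The rule names, the `Rule` fields, and the simplification of each address object to a single IPv4 CIDR are assumptions made for illustration.

```python
"""First-match evaluation and shadowed-rule check for a DNS policy rulebase.
Added example: rule names and networks are constructed, not product config."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    source: str        # address object, modelled as one CIDR (assumption)
    destination: str   # address object, modelled as one CIDR (assumption)
    recursion: bool

def first_match(rules, src, dst) -> Optional[Rule]:
    """Walk the table top to bottom; the first rule matching both source and
    destination wins. None means the DNS general settings serve the query."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s in ip_network(rule.source) and d in ip_network(rule.destination):
            return rule
    return None

def shadowed(rules):
    """Return (hidden, hidden_by) name pairs where one earlier rule covers every
    source/destination pair of a later rule, so the later rule never applies."""
    pairs = []
    for i, later in enumerate(rules):
        ls, ld = ip_network(later.source), ip_network(later.destination)
        for earlier in rules[:i]:
            es, ed = ip_network(earlier.source), ip_network(earlier.destination)
            if ls.subnet_of(es) and ld.subnet_of(ed):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed rulebase: the broad rule sits above the narrow one.
RULES = [
    Rule("internal-any", "10.0.0.0/8", "0.0.0.0/0", recursion=True),
    Rule("guest-norecurse", "10.20.0.0/16", "0.0.0.0/0", recursion=False),
]
# The same rules after reordering, most specific rule first.
REORDERED = [RULES[1], RULES[0]]

if __name__ == "__main__":
    print(first_match(RULES, "10.20.1.5", "192.0.2.53").name)
    print(shadowed(RULES))
    print(first_match(REORDERED, "10.20.1.5", "192.0.2.53").name)
    print(first_match(RULES, "203.0.113.9", "192.0.2.53"))
```

The check only detects a later rule fully covered by a single earlier rule; partial overlaps and coverage by a combination of rules still need manual review.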