Global Load Balancing : Configuring a Global DNS policy
Configuring a Global DNS policy
The Global DNS policy is a rulebase that matches traffic to DNS zones. Traffic that matches both source and destination criteria is served by the policy. Traffic that does not match any policy is served by the DNS “general settings” configuration.
Before you begin:
You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
You must have configured address objects, remote servers, DNS zones, and optional configuration objects you want to specify in your policy.
You must have Read-Write permission for Global DNS Load Balance settings.
To configure the global DNS policy rulebase:
1. Go to Global Load Balance > Zone Tools.
2. Click the Global DNS Policy tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in Table 43.
5. Save the configuration.
6. Reorder rules, as necessary.
Table 43: Global DNS policy configuration
Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.
After you initially save the configuration, you cannot edit the name.
Select an address object to specify the source match criteria. See “Configuring an address group”.
Select an address object to specify the destination match criteria. See “Configuring an address group”.
Zone List
Select one or more zone configurations to serve DNS requests from matching traffic. See “Configuring DNS zones”.
DNS64 List
Select one or more DNS64 configurations to use when resolving IPv6 requests. See “Configuring DNS64”.
Enables/disables recursion. If enabled, the DNS server attempts to do all the work required to answer the query. If not enabled, the server returns a referral response when it does not already know the answer.
Enables/disables DNSSEC.
DNSSEC Validation
Enables/disables DNSSEC validation.
First—The DNS server queries the forwarders list before doing its own DNS lookup.
Only—Only queries the forwarders list. Does not perform its own DNS lookups.
Note: The internal server caches the results it learns from the forwarders, which optimizes subsequent lookups.
If the DNS server zone has been configured as a forwarder, select the remote DNS server to which it forwards requests. See “Configuring remote DNS servers”.
Response Rate Limit
Select a rate limit configuration object. See “Configuring the response rate limit”.
After you have saved a rule, reorder rules as necessary. The rules table is consulted from top to bottom. The first rule that matches is applied and subsequent rules are not evaluated.