This article covers the configuration of DNS delegation in GoDaddy DNS servers to allow Citrix ADC (NetScaler) to be authoritative for a DNS subdomain. For DNS subdomain/subzone delegation to Citrix ADC for other popular domain registrars, please refer to the following articles:
- HowTo: Configure Network Solutions DNS for GSLB on Citrix ADC (NetScaler)
- HowTo: Configure 1and1 (IONOS) DNS for GSLB on Citrix ADC (NetScaler)
- HowTo: Configure GoDaddy DNS for GSLB on Citrix ADC (NetScaler)
- HowTo: Configure Namecheap DNS for GSLB on Citrix ADC (NetScaler)
Citrix Global Server Load Balancing (GSLB) is a powerful DNS-based load balancing feature commonly used to direct users to one web server over another for geo-proximity and/or resiliency. With the DNS subzone delegated to Citrix ADC, we enable Citrix ADC to make intelligent traffic routing decisions based on parameters we define within the configuration (which is highly extensible) and return the appropriate IP to the client according to those configurations.
This article does not go into the details on how GSLB works nor its leading practices for implementation, but you may refer to the following links for primers on the technology.
- Citrix Docs: Global Server Load Balancing
- Citrix Tech Zone: Reference Architecture: Application Delivery Controller – Global Server Load Balancing
- How DNS(Domain Name System) works with GSLB feature on NetScaler
- How to Configure GSLB on NetScaler Gateway
Delegating entire domains to Citrix ADC to act as a DNS server is also a popular design in customer environments, as Citrix has numerous policy-based DNS configurations which administrators can implement, avoiding the need for adding additional cost to their IT landscape.
Many purpose-built enterprise DNS solutions have straightforward controls for delegating other DNS servers to be authoritative for a subzone. When dealing with DNS registrars, however, the configurations may not appear to be as straightforward. This article is intended to help guide an administrator through DNS delegation to Citrix ADC for domains hosted by GoDaddy on the Internet.
- A purchased DNS domain with the registrar.
- Administrative rights to the DNS registrar in order to make DNS changes (or access to a competent team who can implement the instructions at your direction).
- ADNS IPs hosted on your Citrix ADCs (one on each GSLB Site within the GSLB mesh), each of which has a public IP (or ideally a NAT to the DMZ IP of the ADNS service on each respective GSLB Site).
- The ADNS server on the Citrix ADC should be configured as DNS type ADNS and ADNS_TCP to be compliant with DNS standards. This requires creating two ADNS services using the same IP.
- ADNS public IP ACLs for TCP and UDP 53.
Step 1 – Create Host A Records
From the GoDaddy admin console, navigate to “Manage Zones” under the DNS menu.
From here, start typing in the name of the desired domain to be configured and then select it.
The default list of DNS records is displayed to you. Toward the end of the list, click “ADD” and select “A” for the record type. The “Host” value will be the hostname of the name server (name as you wish), and the “Points to” value will be the ADNS public IP created on Citrix ADC.
Click “Save” once complete to commit the change, then repeat for the other ADNS IPs. Create A records for each of your name servers defined on the Citrix ADCs in the GSLB mesh. In this example only one A record is created. However, in a real-world implementation, you will need to create an A record corresponding to the name server public IP for each ADNS server in the solution. For example, if you have 3 GSLB Sites, you may have configured 3 ADNS IPs to support the GSLB solution, so you’d create 3 A records (one for each). An ADNS server can be authoritative for multiple DNS zones.
Step 2 – Create NS Records
Back on the Manage Zones view for the domain, click “ADD” again. Select the record type “NS”, which will mimic DNS delegation for the subzone that we are delegating to the Citrix ADC to be authoritative for. This concept may also be referred to as “Glue” records.
The host in this example is “gslb” but an alternate name can be chosen. However, it is important that the subzone name is used consistently as we will use it in the Citrix ADC configuration and in the CNAME configuration in a later step. The “Points to” value will be the A record DNS value created earlier in FQDN format.
Click “Save” and repeat the process for the other name servers which will be authoritative for the subzone. In each case, the subzone name (such as GSLB) will remain the same.
Step 3 – Create CNAME Record
Now we will create the last DNS record in the DNS registrar, the CNAME record which will direct requests for say… citrix.domain.com to citrix.gslb.domain.com. This will in effect direct DNS resolution for the user-friendly URL to the Citrix ADC to resolve (and thus return the most appropriate IP for the configured GSLB health and behaviour logic).
Click “ADD” once again and subsequently “Save” after populating the values similar to those below. The TTL does not matter as the “points to” value would not change over the course of operation.
Step 4 – Create DNS Records on Each Citrix ADC
On each Citrix ADC within the GSLB mesh that has an ADNS IP, create Host A, NS, and SOA records. In the example below I have manually created an A record for citrix.gslb.domain.com for the purposes of expedient testing, but in a true GSLB configuration, you would not create those records manually; the DNS FQDN you configure on the GSLB vServer would automatically populate this. Note that for Host A and NS records, you must create one for each of the ADNS public IPs on your Citrix ADCs that are participating in the GSLB mesh. These records should exist on all Citrix ADCs, which is where the GSLB sync option can come in handy to reduce effort and human error.
The examples below include all records for the DNS delegation series to date, to act merely as examples.
Citrix ADC Host A Records Example
Citrix ADC NS Records Example
Citrix ADC SOA Records Example
Step 5 – Test DNS Delegation
Most DNS registrars will forewarn that it can take up to 24+ hours to populate DNS records; however, in my case, I found changes were available very quickly. If after 15 minutes your test is unsuccessful, begin the usual routine of troubleshooting, including:
- Reconfirm that all DNS records were created with the DNS registrar.
- Confirm that the IPs used when creating DNS records were correct.
- Confirm ADNS IPs are reachable on the Citrix ADCs to rule out firewall issues (TCP and UDP 53 should be open to each ADNS IP from the Internet) by checking with the firewall admin for blocks, and by using nslookup commands to manually query records against each ADNS IP.
- If GSLB has been configured, double-check the GSLB Site configurations are correct, and the DNS FQDN (in the format of hostname.gslb.domain.com, not hostname.domain.com!) is configured on the GSLB vServer.
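As an added example (not part of the original article and not Citrix or GoDaddy tooling), the Python check below compares the records entered at the registrar in Steps 1 to 3 with those created on the Citrix ADC in Step 4 and reports the mismatches the checklist above asks you to reconfirm. The name server ns1.domain.com and the address 203.0.113.10 are constructed sample values; the record lists are typed in by hand rather than queried live.

```python
# Added example: offline consistency check of a GSLB subzone delegation.
# Name server name and IP are constructed (203.0.113.0/24 is a documentation range).

def fqdn(name):
    """Normalise a DNS name: lower-case, no trailing dot."""
    return name.strip().rstrip(".").lower()

def values(records, owner, rtype):
    """Values of every (owner, type, value) record matching owner and type."""
    return {fqdn(v) for o, t, v in records if fqdn(o) == fqdn(owner) and t == rtype}

def check_delegation(subzone, cname_owner, registrar, adc):
    """Return a list of findings; an empty list means both sides agree."""
    subzone, findings = fqdn(subzone), []
    reg_ns, adc_ns = values(registrar, subzone, "NS"), values(adc, subzone, "NS")
    if not reg_ns:
        findings.append(f"registrar has no NS record for {subzone}")
    elif reg_ns != adc_ns:
        findings.append(f"NS sets differ: registrar={sorted(reg_ns)} adc={sorted(adc_ns)}")
    for ns in sorted(reg_ns):
        reg_ips = values(registrar, ns, "A")
        if not reg_ips:
            findings.append(f"{ns} has no A record at the registrar")
        elif reg_ips != values(adc, ns, "A"):
            findings.append(f"A record for {ns} differs between registrar and ADC")
    if not values(adc, subzone, "SOA"):
        findings.append(f"ADC has no SOA record for {subzone}")
    targets = values(registrar, cname_owner, "CNAME")
    if not targets:
        findings.append(f"registrar has no CNAME for {fqdn(cname_owner)}")
    for target in sorted(targets):
        # The CNAME must land inside the delegated subzone (hostname.gslb.domain.com).
        if not target.endswith("." + subzone):
            findings.append(f"CNAME target {target} is outside {subzone}")
    return findings

# Constructed records: what was entered at the registrar and on the Citrix ADC.
REGISTRAR = [
    ("ns1.domain.com", "A", "203.0.113.10"),
    ("gslb.domain.com", "NS", "ns1.domain.com."),
    ("citrix.domain.com", "CNAME", "citrix.gslb.domain.com"),
]
ADC = [
    ("ns1.domain.com", "A", "203.0.113.10"),
    ("gslb.domain.com", "NS", "ns1.domain.com"),
    ("gslb.domain.com", "SOA", "ns1.domain.com"),
]

if __name__ == "__main__":
    result = check_delegation("gslb.domain.com", "citrix.domain.com", REGISTRAR, ADC)
    print("\n".join(result) or "delegation records are consistent")
```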
In the test below, you will note the successful CNAME resolution for the user-friendly URL.
DNS configuration for Internet DNS registrars is often a bit more restricted than enterprise DNS platforms. It is our hope this article helps dispel confusion and enables administrators and consultants to successfully delegate DNS resolution for a GSLB subzone to Citrix ADCs out on the Internet.
Michael Shuster is Ferroque Systems’ Chief Architect and noted Citrix authority. A passionate virtualization and digital workspaces advocate, he has designed, engineered, or otherwise advised clients on Citrix, VMware, and Microsoft technology platforms across the globe.