Skip to main content

Introduction

This article covers the configuration of DNS delegation in Namecheap DNS servers to allow Citrix ADC (NetScaler) to be authoritative for a DNS subdomain. For DNS subdomain \ subzone delegation to Citrix ADC for other popular domain registrars, please refer to the following articles:

Citrix Global Server Load Balancing (GSLB) is a powerful DNS-based load balancing feature commonly used to direct users to one web server over another for geo-proximity and/or resiliency. With the DNS subzone delegated to Citrix ADC, we enable Citrix ADC to make intelligent traffic routing decisions based on parameters we define within the configuration (which is highly extensible) and return the appropriate IP to the client according to those configurations.

This article does not go into the details on how GSLB works nor its leading practices for implementation, but you may refer to the following links for primers on the technology.

Delegating entire domains to Citrix ADC to act as a DNS server is also a popular design in customer environments, as Citrix has numerous policy-based DNS configurations which administrators can implement, avoiding the need for adding additional cost to their IT landscape.

Many purpose-built enterprise DNS solutions have straightforward controls for delegating other DNS serves to be authoritative for a subzone. When dealing with DNS registrars, however, the configurations may not appear to be as straightforward. This article is intended to help guide an administrator through DNS delegation to Citrix ADC for domains hosted by Namecheap on the Internet.

Prerequisites

  • A purchased DNS domain with the registrar.
  • Administrative rights to the DNS registrar in order to make DNS changes (or access to a competent team who can implement the instructions at your direction).
  • ADNS IPs hosted on your Citrix ADCs (one on each GSLB Site within the GSLB mesh), that has a public IP (or ideally a NAT to the DMZ IP of the ADNS service on each respective GSLB Site).
  • The ADNS server on the Citrix ADC should be configured as DNS type ADNS and ADNS_TCP to be compliant with DNS standards. This requires creating two ADNS services using the same IP.
  • ADNS public IP ACLs for TCP and UDP 53.

Step 1 – Create Host A Records

Log into Namecheap and navigate to the domain list. Click “MANAGE” beside the domain which will have a delegated subzone to Citrix ADC.

Navigate to Namecheap DNS list for Citrix ADC NetScaler DNS delegation

Navigate to the “Advanced DNS” tab. In this location, we can create various DNS record type, and commit the changes individually, or add numerous records in one go and save all changes at once, saving a few mouse clicks.

Namecheap Advanced DNS view to create GSLB DNS delegation records

Click “ADD NEW RECORD” to create our first record. Select “A Record”. The “Host” value will be the hostname of the name server (name as you wish), and the “Value” value will be the ADNS public IP created on Citrix ADC.

Create A records for each of your name servers defined on the Citrix ADCs in the GSLB mesh. In this example only one A record is created. However, in a real-world implementation, you will need to create an A record corresponding to the name server public IP for each ADNS server in the solution. For example, if you have 3 GSLB Sites, you may have configured 3 ADNS IPs to support the GSLB solution, so you’d create 3 A records (one for each). An ADNS server can be authoritative for multiple DNS zones.

Namecheap create Host A record for Citrix ADC NetScaler GSLB delegation

Click the checkmark to the right of the entry to commit\save the change.

Step 2 – Create NS Records

Click “ADD NEW RECORD” to create our next record. Select record of type “NS Record” which will mimic DNS delegation for the subzone we will be delegating to the Citrix ADC to be authoritative for. This concept may also be referred to as “Glue” records.

The host in this example is “gslb” but an alternate name can be chosen. However, it is important that the subzone name is used consistently as we will use it in the Citrix ADC configuration and in the CNAME configuration in a later step. The “Points to” value will be the A record DNS value created earlier in FQDN format.

Namecheap create NS record for DNS delegation to Citrix ADC, also known as Glue record

Click the checkmark to the right of the entry to commit\save the change, and repeat the process for the other name servers which will be authoritative for the subzone. In each case, the subzone name (such as GSLB) will remain the same.

Step 3 – Create CNAME Record

Now we will create the last DNS record in the DNS registrar, the CNAME record which will direct requests for say… citrix.domain.com to citrix.gslb.domain.com. This will in effect direct DNS resolution for the user-friendly URL to the Citrix ADC to resolve (and thus return the most appropriate IP for the configured GSLB health and behaviour logic).

Click “ADD NEW RECORD” once again.

Namecheap CNAME record for Citrix NetScaler ADC GSLB subzone delegation

Click the checkmark to the right of the entry to commit\save the change.

Step 4 – Create DNS Records on Each Citrix ADC

On each Citrix ADC within the GSLB mesh that has an ADNS IP, create Host A, NS, and SOA records. In the example below I have manually created A record for citrix.gslb.domain.com for the purposes of expedient testing, but in a true GSLB configuration, you would not create those records manually, the DNS FQDN you configure on the GSLB vServer would automatically populate this.  Note that for Host A and NS records, you must create one for each of the ADNS public IPs on your Citrix ADCs that are participating in the GSLB mesh. These records should exist on all Citrix ADCs, which is where the GSLB sync option can come in handy to reduce effort and human error.

The examples below include all records for the DNS delegation series to date, to act merely as examples.

Citrix ADC Host A Records Example

Citrix NetScaler ADC GSLB host A records example

Citrix ADC NS Records Example

Citrix NetScaler ADC name server NS records example

Citrix ADC SOA Records Example

Citrix NetScaler ADC SOA DNS records for GSLB Example

Step 5 – Test DNS Delegation

Most DNS registrars will forewarn up to 24+ hours to populate DNS records, however, in my case, I found changes were available very quickly. If after 15 minutes your test is unsuccessful, begin the usual routine of troubleshooting including:

  • Reconfirming all DNS records were created with DNS registrar.
  • The IPs used when creating DNS records were correct.
  • Confirm ADNS IPs are reachable on the Citrix ADCs to rule out firewall issues (TCP and UDP 53 should be open to each ADNS IP from the Internet) by checking with firewall admin for blocks, and nslookup commands to manually query records against each ADNS IP.
  • If GSLB has been configured, double-check the GSLB Site configurations are correct, and the DNS FQDN (in the format of hostname.gslb.domain.com, not hostname.domain.com!) is configured on the GSLB vServer.

In the test below, you will note the successful CNAME resolution for the user-friendly URL.

Quick Tip: Andrew Gravett (Citrix Alumnus) has reminded me that we can conduct command-line ‘dig’ or ‘nslookup’ against our ADC DNS IPs to ensure firewall ACLs and public NATs are working correctly. Citrix has a great guide on using the dig command at this link. for example: dig @<public DNS IP> citrix.gslb.ferroque.systems should pump out a chunk of data with an answer section indicating the IP and record type of the FQDN I was testing against.

Conclusion

DNS configuration for Internet DNS registrars is often a bit more restricted than enterprise DNS platforms. It is our hope this article helps dispel confusion and enables administrators and consultants to successfully delegate DNS resolution for a GSLB subzone to Citrix ADCs out on the Internet.

  • Michael Shuster
    Michael Shuster

    Michael is Ferroque's founder and a noted Citrix authority, overseeing operations and service delivery while keeping a hand in the technical cookie jar. He is a passionate advocate for end-user infrastructure technology, with a rich history designing and engineering solutions on Citrix, NetScaler, VMware, and Microsoft tech stacks.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments

Redefine Your Approach to Technology and Innovation

Schedule a call to discover how customized solutions crafted for your success can drive exceptional outcomes, with Ferroque as your strategic ally.