HowTo: Configure Network Solutions DNS for GSLB on Citrix ADC (NetScaler)


Introduction

This article covers the configuration of DNS delegation in Network Solutions DNS servers to allow Citrix ADC (NetScaler) to be authoritative for a DNS subdomain. For DNS subdomain/subzone delegation to Citrix ADC for other popular domain registrars, please refer to the following articles:

Citrix Global Server Load Balancing (GSLB) is a powerful DNS-based load balancing feature commonly used to direct users to one web server over another for geo-proximity and/or resiliency. With the DNS subzone delegated to Citrix ADC, we enable Citrix ADC to make intelligent traffic routing decisions based on parameters we define within the configuration (which is highly extensible) and return the appropriate IP to the client according to those configurations.

This article does not go into the details on how GSLB works nor its leading practices for implementation, but you may refer to the following links for primers on the technology.

Delegating entire domains to Citrix ADC to act as a DNS server is also a popular design in customer environments, as Citrix has numerous policy-based DNS configurations which administrators can implement, avoiding the need for adding additional cost to their IT landscape.

Many purpose-built enterprise DNS solutions have straightforward controls for delegating other DNS servers to be authoritative for a subzone. When dealing with DNS registrars, however, the configurations may not appear to be as straightforward. This article is intended to help guide an administrator through DNS delegation to Citrix ADC for domains hosted by Network Solutions on the Internet.

Worth noting that it will take you longer to get through the website and skip an onslaught of upselling advertisements than to actually create the necessary DNS records. This DNS provider is utterly infuriating in this respect, let alone providing the least value for the highest cost across (in my personal observation) the DNS registrars I have worked with.

Prerequisites

  • A purchased DNS domain with the registrar.
  • Administrative rights to the DNS registrar in order to make DNS changes (or access to a competent team who can implement the instructions at your direction).
  • ADNS IPs hosted on your Citrix ADCs (one on each GSLB Site within the GSLB mesh), each with a public IP (or ideally a NAT to the DMZ IP of the ADNS service on each respective GSLB Site).
  • The ADNS server on the Citrix ADC should be configured as DNS type ADNS and ADNS_TCP to be compliant with DNS standards. This requires creating two ADNS services using the same IP.
  • ACLs permitting TCP and UDP 53 to each ADNS public IP.

Step 1 – Create Host A Records

Once logged into the Network Solutions administration console, navigate to the Domain Names section and select the domain to be worked with. Click “Edit Advanced DNS Records”.

[Figure: Network Solutions Advanced DNS control panel]

For this registrar, the various DNS record types are compartmentalized into different sections. Under “IP Address (A Records)”, click “EDIT A RECORDS”.

The “Host” value will be the hostname of the name server (name it as you wish), and the “Numeric IP” value will be the ADNS public IP created on Citrix ADC.

Repeat for other ADNS IPs. Create A records for each of your name servers defined on the Citrix ADCs in the GSLB mesh. In this example only one A record is created. However, in a real-world implementation, you will need to create an A record corresponding to the name server public IP for each ADNS server in the solution. For example, if you have 3 GSLB Sites, you may have configured 3 ADNS IPs to support the GSLB solution, so you’d create 3 A records (one for each). An ADNS server can be authoritative for multiple DNS zones.

Once the entries are populated, click “CONTINUE” at the end of the page to commit the new changes.

[Figure: Network Solutions A record configuration for the name server]

Step 2 – Create NS Records

Back on the Advanced DNS page, scroll down to the “Nameserver (NS) Records for Subdomains” section and click “EDIT NS RECORDS”.

The “Subdomain” in this example is “gslb” but an alternate name can be chosen. However, it is important that the subzone name is used consistently as we will use it in the Citrix ADC configuration and in the CNAME configuration in a later step. The “NameServer” value will be the A record DNS value created earlier in FQDN format.

Repeat the process for the other name servers which will be authoritative for the subzone in subsequent entries on the page. In each case, the subzone name (such as GSLB) will remain the same.

[Figure: Network Solutions NS records for the delegated subdomain]

Once the entries are populated, click “CONTINUE” at the end of the page to commit the new changes.

Step 3 – Create CNAME Record

Back on the Advanced DNS page, scroll down to the “Host Aliases (CNAME Records)” section and click “EDIT CNAME RECORDS”.

Now we will create the last DNS record in the DNS registrar, the CNAME record which will direct requests for say… citrix.domain.com to citrix.gslb.domain.com. This will in effect direct DNS resolution for the user-friendly URL to the Citrix ADC to resolve (and thus return the most appropriate IP for the configured GSLB health and behaviour logic).

For “Alias” specify the hostname (in our example ‘citrix’), ignore TTL as it isn’t relevant to our deployment behaviour, and click the radio button on “Other Host” field and enter the FQDN including the subzone.

[Figure: Network Solutions CNAME record creation]

Once the entry is populated, click “CONTINUE” at the end of the page to commit the new changes.

Step 4 – Create DNS Records on Each Citrix ADC

On each Citrix ADC within the GSLB mesh that has an ADNS IP, create Host A, NS, and SOA records. In the example below I have manually created an A record for citrix.gslb.domain.com for the purposes of expedient testing, but in a true GSLB configuration you would not create those records manually; the DNS FQDN you configure on the GSLB vServer would automatically populate this. Note that for Host A and NS records, you must create one for each of the ADNS public IPs on your Citrix ADCs that are participating in the GSLB mesh. These records should exist on all Citrix ADCs, which is where the GSLB sync option can come in handy to reduce effort and human error.

The examples below include all records for the DNS delegation series to date, to act merely as examples.

Citrix ADC Host A Records Example

[Figure: Citrix ADC host A records]

Citrix ADC NS Records Example

[Figure: Citrix ADC NS records]

Citrix ADC SOA Records Example

[Figure: Citrix ADC SOA records]

Step 5 – Test DNS Delegation

Most DNS registrars will forewarn of up to 24+ hours to populate DNS records; however, in my case, I found changes were available very quickly. If after 15 minutes your test is unsuccessful, begin the usual routine of troubleshooting, including:

  • Reconfirm that all DNS records were created with the DNS registrar.
  • Confirm the IPs used when creating DNS records were correct.
  • Confirm the ADNS IPs are reachable on the Citrix ADCs to rule out firewall issues (TCP and UDP 53 should be open to each ADNS IP from the Internet): check with the firewall admin for blocks, and use nslookup commands to manually query records against each ADNS IP.
  • If GSLB has been configured, double-check the GSLB Site configurations are correct, and the DNS FQDN (in the format of hostname.gslb.domain.com, not hostname.domain.com!) is configured on the GSLB vServer.
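
A scripted version of the manual per-ADNS-IP query from the list above, which also confirms that the SOA record from Step 4 is answered authoritatively over both UDP and TCP 53 (the ADNS and ADNS_TCP services). This is an added example, not part of the original article; the function names and result strings are illustrative, and the zone and ADNS IPs are supplied on the command line.

```python
import socket, struct, sys

QTYPES = {"A": 1, "NS": 2, "SOA": 6}

def build_query(name, qtype, txid=0x1234):
    """Query with RD=0: we want the server's own authoritative data."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + labels + b"\x00"
            + struct.pack("!HH", QTYPES[qtype], 1))

def parse_header(resp):
    """Pull the flags a delegation check cares about from the 12-byte header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    return {"aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answers": ancount}

def verdict(hdr):
    """Classify what an ADNS IP returned for the delegated subzone."""
    if hdr["rcode"] != 0:
        return "rcode %d" % hdr["rcode"]
    if not hdr["aa"]:
        return "not authoritative"
    if hdr["tc"]:
        return "truncated, retry over TCP"
    return "ok" if hdr["answers"] else "authoritative, no record"

def query(server, name, qtype, tcp=False, timeout=3.0):
    """Ask one ADNS IP directly over UDP or TCP 53."""
    msg = build_query(name, qtype)
    if tcp:  # DNS over TCP prefixes each message with a 2-byte length
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(msg)) + msg)
            f = s.makefile("rb")
            return parse_header(f.read(struct.unpack("!H", f.read(2))[0]))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, 53))
        return parse_header(s.recvfrom(4096)[0])

if __name__ == "__main__":  # usage: check_adns.py <zone> <ADNS IP>...
    for ip in sys.argv[2:]:
        for tcp in (False, True):
            try:
                result = verdict(query(ip, sys.argv[1], "SOA", tcp))
            except (OSError, struct.error) as exc:
                result = "no usable response (%s)" % exc
            print(ip, "TCP" if tcp else "UDP", result)
```

Run it from outside your network, passing the subzone (for example gslb.domain.com) and each ADNS public IP, so the ACL and NAT path to port 53 is exercised as well.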

In the test below, you will note the successful CNAME resolution for the user-friendly URL.

Conclusion

DNS configuration for Internet DNS registrars is often a bit more restricted than enterprise DNS platforms. It is our hope this article helps dispel confusion and enables administrators and consultants to successfully delegate DNS resolution for a GSLB subzone to Citrix ADCs out on the Internet.
