The primary goals of DNS proxy is for the A10 to modify specific records/responses without making the A10 the authoritative DNS server for a domain/sub-domain.
As a general guideline, for proxy mode you will want to make sure to have your DNS VIP with gslb enable. This VIP will need a service-group with your backend/real dns servers. Before setting up the GSLB features, you will want to make sure that dns traffic is load balanced properly when querying the VIP. (May need to add something like source-nat to the VIP to help with routing)
For GSLB, you will want to configure it normally as if it were authoritative which includes service-ips, sites, policy, and gslb zone+ service. Make sure that the fqdn corresponds to the records you want to change. For this, set the gslb policy with the feature ip-replace. For each record under the zone and service, add the feature as-replace.
I hope this is beneficial to get a basic config working. With all GSLB configuration, most of the tuning is done through the policy. I'd also encourage anyone with complex requirements/deployments to reach out to your SE with A10 .
Lawrence Ho | Professional Services Network Engineer
1) Yes, you will want the A10 GSLB VIP to be configured as an ns record on your external DNS provider. You could also setup a delegation on the external dns pointing to the A10 GSLB VIP. Another way would be to create a cname record pointing to a different subdomain that the A10 is authoritative for.
2) I think you are referring on how to specify the A10's responses. This is done under each zone and then under the specific service. Here's a quick example from the CLI:
gslb zone example.com service 80 test dns-a-record vip1 static dns-a-record vip2 static
madyk83
Member ✭
Comments
Documentation can be downloaded here on our website under each code release:
https://www.a10networks.com/support/axseries/software-downloads
The primary goals of DNS proxy is for the A10 to modify specific records/responses without making the A10 the authoritative DNS server for a domain/sub-domain.
As a general guideline, for proxy mode you will want to make sure to have your DNS VIP with gslb enable. This VIP will need a service-group with your backend/real dns servers. Before setting up the GSLB features, you will want to make sure that dns traffic is load balanced properly when querying the VIP. (May need to add something like source-nat to the VIP to help with routing)
For GSLB, you will want to configure it normally as if it were authoritative which includes service-ips, sites, policy, and gslb zone+ service. Make sure that the fqdn corresponds to the records you want to change. For this, set the gslb policy with the feature ip-replace. For each record under the zone and service, add the feature as-replace.
I hope this is beneficial to get a basic config working. With all GSLB configuration, most of the tuning is done through the policy. I'd also encourage anyone with complex requirements/deployments to reach out to your SE with A10 .
Lawrence Ho | Professional Services Network Engineer
Example if i have purchased domain name called example.com from godaddy provider
1> when we deploy DNS proxy, are we need to add both location (GSLB) DNS public VIP ip in external DNS provider(godaddy) as NS record entry ?
2> and in A10 we need to add as "A" Record with site name.?
2) I think you are referring on how to specify the A10's responses. This is done under each zone and then under the specific service. Here's a quick example from the CLI:
gslb zone example.com
service 80 test
dns-a-record vip1 static
dns-a-record vip2 static