DNS Records Test

You can configure the Citrix ADC appliance to function as an authoritative domain name server (ADNS server) for a domain. As an ADNS server for a domain, the Citrix ADC resolves DNS requests for all types of DNS records that belong to the domain. Add the DNS resource records that belong to the domain for which the appliance is authoritative and configure resource record parameters. The maximum number of records of each type that the Citrix ADC can support is also pre-set.

You can also configure the appliance as a proxy DNS server that load balances a farm of DNS name servers that are either within or outside your network.

Also, by default, the Citrix ADC appliance caches responses from DNS name servers. When the appliance receives a DNS query, it checks for the queried domain in its cache. If the address for the queried domain is present in its cache, the Citrix ADC returns the corresponding address to the client. Otherwise, it forwards the query to a DNS name server that checks for the availability of the address and returns it to the Citrix ADC. The Citrix ADC then returns the address to the client.

For requests for a domain that has been cached earlier, the Citrix ADC serves the Address record of the domain from the cache without querying the configured DNS server.

Citrix administrators may want to periodically audit DNS clients and the responses to client requests, so that they can proactively detect responsiveness problems and troubleshoot them. Problems such as frequent cache misses and an unusually high number of malformed responses can severely impair responsiveness. Administrators should also be notified if any record type holds more records than its pre-set limit; such an anomaly can be indicative of malicious DNS attacks, which should be prevented at all costs. To perform these critical DNS audits and to capture abnormalities on-the-fly, administrators can use the DNS Records test.

This test tracks requests from and responses to DNS clients, and alerts administrators to malformed responses. The test also continuously monitors cache usage, and notifies administrators if the cache is unable to service DNS requests consistently. The test also reports if there are more entries for a record than what the appliance can support.

Target of the test : A Citrix ADC VPX/MPX

Agent deploying the test : A remote agent

Outputs of the test : One set of results for the Citrix ADC being monitored

Configurable parameters for the test

| Parameter | Description |
|---|---|
| Test Period | How often should the test be executed. |
| Host | The IP address of the host for which the test is being configured. |
| NetScaler Username, NetScaler Password, and Confirm Password | To monitor an ADC device, the eG agent should be configured with the credentials of a user with read-only privileges to the target ADC device. Specify the credentials of such a user in the NetScaler Username and NetScaler Password text boxes. Then, confirm the password by retyping it in the Confirm Password text box. |
| SSL | The eG agent collects performance metrics by invoking NITRO (ADC Interface Through Restful interfaces and Objects) APIs on the target ADC device. Typically, the NITRO APIs can be invoked through the HTTP or the HTTPS mode. By default, the eG agent invokes the NITRO APIs using the HTTPS mode; this is why the SSL flag is set to Yes by default. If the target ADC device is not SSL-enabled, then the NITRO APIs can be accessed through the HTTP mode only. In this case, set the SSL flag to No. |

Measurements made by the test

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Requests | Indicates the number of DNS queries received during the last measurement period. | Number | |
| Responses | Indicates the number of DNS server responses processed during the last measurement period. | Number | |
| Current entries | Indicates the number of DNS entries recorded during the last measurement period. | Number | |
| Current records | Indicates the number of DNS records that were available on the ADC during the last measurement period. | Number | |
| Current DNS record entries | Indicates the total number of DNS record entries during the last measurement period. | Number | |
| Proactive updates | Indicates the number of proactive updates that occurred during the last measurement period. | Number | The appliance discards a record stored in its cache when the time-to-live (TTL) value of the record reaches the configured value. A client that requests an expired record has to wait until the Citrix ADC retrieves the record from the server and updates its cache. To avoid this delay, the Citrix ADC proactively updates the cache by retrieving the record from the server before the record expires. |
| DNS records with more entries | Indicates the total number of times the appliance has received DNS records with more entries than it supports. | Number | The following table lists the record types that you can configure for a domain name record on the Citrix ADC appliance, and the maximum number of DNS records that you can configure for each type. If any record type has more entries than the maximum limit indicated by that table, the value of this measure is incremented. |
| Malformed responses received | Indicates the total number of times malformed responses were received from the backend during the last measurement period. | Number | Ideally, the value of this measure should be 0 or very low. |
| Non-cname records received | Indicates the total number of times non-CNAME records were received for a domain during the last measurement period. | Number | |
| Cache misses | Indicates the total number of cache misses during the last measurement period. | Number | Ideally, the value of this measure should be 0 or very low. A high value is indicative of poor cache usage. In other words, it means that a majority of DNS queries are not being processed by the cache, but by the DNS name server. A high cache miss ratio can result in query processing latencies. |
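The interpretations above boil down to a few checks an operator applies to each measurement period: turn cumulative counters into per-period deltas, compute the cache-miss ratio, and raise an alert when malformed responses or over-limit record types appear at all. The following script is an added example (not eG Enterprise or Citrix code) that performs those checks on two constructed polls. The dictionary keys mirror the measure names on this page and are hypothetical; they are not NITRO field names, and the 25% miss-ratio threshold is an assumed tuning value.

```python
"""Evaluate DNS Records Test style measures from two consecutive polls.

Added example, not part of the eG or Citrix documentation. Field names
and sample values are constructed to mirror the measures on this page.
"""

# Counters a monitoring agent would read as cumulative totals.
COUNTERS = ("requests", "responses", "cache_misses",
            "malformed_responses", "records_over_limit")

# Constructed sample: the previous poll and the current poll.
POLL_PREVIOUS = {
    "requests": 10_000, "responses": 9_950, "cache_misses": 400,
    "malformed_responses": 2, "records_over_limit": 0,
    "current_records": 1_200,
}
POLL_CURRENT = {
    "requests": 13_000, "responses": 12_940, "cache_misses": 1_600,
    "malformed_responses": 2, "records_over_limit": 1,
    "current_records": 1_210,
}


def period_deltas(prev, cur):
    """Per-period values from cumulative counters.

    A counter that went backwards (appliance reboot or counter reset)
    is reported as the current absolute value, which is what a fresh
    baseline would yield rather than a negative count.
    """
    deltas = {}
    for name in COUNTERS:
        change = cur[name] - prev[name]
        deltas[name] = cur[name] if change < 0 else change
    return deltas


def cache_miss_ratio(deltas):
    """Fraction of this period's queries that missed the cache."""
    if deltas["requests"] == 0:
        return 0.0
    return deltas["cache_misses"] / deltas["requests"]


def evaluate(prev, cur, miss_ratio_threshold=0.25):
    """Apply the page's interpretation rules and return deltas plus alerts.

    Each alert is a (measure, message) tuple so callers can route on the
    measure name.
    """
    deltas = period_deltas(prev, cur)
    ratio = cache_miss_ratio(deltas)
    alerts = []
    if ratio > miss_ratio_threshold:
        alerts.append(("cache_misses",
                       f"cache miss ratio {ratio:.0%} exceeds "
                       f"{miss_ratio_threshold:.0%}; most queries reach "
                       "the backend name server"))
    if deltas["malformed_responses"] > 0:
        alerts.append(("malformed_responses",
                       f"{deltas['malformed_responses']} malformed "
                       "responses from the backend this period"))
    if deltas["records_over_limit"] > 0:
        alerts.append(("records_over_limit",
                       "a record type exceeded its pre-set maximum; "
                       "review the zone for unexpected additions"))
    return {"deltas": deltas, "cache_miss_ratio": ratio, "alerts": alerts}


if __name__ == "__main__":
    result = evaluate(POLL_PREVIOUS, POLL_CURRENT)
    for name, value in result["deltas"].items():
        print(f"{name:>20}: {value}")
    print(f"     cache miss ratio: {result['cache_miss_ratio']:.1%}")
    for measure, message in result["alerts"]:
        print(f"ALERT [{measure}] {message}")
```

On the constructed input the period shows 3,000 requests with 1,200 cache misses (a 40% miss ratio) and one over-limit record event, so two alerts fire; the malformed-response counter did not move, so it stays quiet even though its lifetime total is non-zero.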