DNS Test

You can configure the Citrix NetScaler appliance to function as an authoritative domain name server (ADNS server) for a domain. You can add the DNS resource records that belong to the domain for which the appliance is authoritative and configure resource record parameters. You can also configure the NetScaler appliance as a proxy DNS server that load balances a farm of DNS name servers that are either within your network or outside your network. You can configure the appliance as an end resolver and forwarder. You can configure DNS suffixes that enable name resolution when fully qualified domain names are not configured. The appliance also supports the DNS ANY query that retrieves all the records that belong to a domain.

Using the DNS test, you can monitor the DNS queries to the NetScaler appliance, and evaluate how efficiently the appliance handles these queries. DNS requests that were refused and invalid responses that were sent can thus be promptly detected, and their reasons investigated.

Target of the test: A NetScaler VPX/MPX

Agent deploying the test: A remote agent

Outputs of the test: One set of results for the NetScaler appliance being monitored.

Configurable parameters for the test
Parameter | Description

Test Period

How often the test should be executed.

Host

The IP address of the host for which the test is being configured.

NetScaler Username and NetScaler Password

To monitor a NetScaler device, the eG agent should be configured with the credentials of a user with read-only privileges to the target NetScaler device. Specify the credentials of such a user in the NetScaler Username and NetScaler Password text boxes.

Confirm Password

Confirm the NetScaler Password by retyping it here.

SSL

The eG agent collects performance metrics by invoking NITRO (NetScaler Interface Through Restful interfaces and Objects) APIs on the target NetScaler device. Typically, the NITRO APIs can be invoked through the HTTP or the HTTPS mode. By default, the eG agent invokes the NITRO APIs using the HTTPS mode. This is why the SSL flag is set to Yes by default. If the target NetScaler device is not SSL-enabled, then the NITRO APIs can be accessed through the HTTP mode only. In this case, set the SSL flag to No.

Measurements made by the test
Measurement | Description | Measurement Unit | Interpretation

DNS queries received

Indicates the number of DNS queries received during the last measurement period.

Number

Authoritatively answered queries

Indicates the number of queries that were authoritatively answered during the last measurement period.

Number

An ADNS (Authoritative DNS) server is a DNS server that contains complete information about a zone. To configure the NetScaler as an ADNS server for a zone, you must add an ADNS service, and then configure the zone. To do so, you add valid SOA (Start of Authority) and NS records for the domain. When a client sends a DNS request, the NetScaler appliance searches the configured resource records for the domain name. You can delegate a subdomain by adding NS records for the subdomain to the zone of the parent domain. You can then make the NetScaler authoritative for the subdomain by adding a "glue record" for each of the subdomain name servers. If GSLB is configured, the NetScaler makes a GSLB load balancing decision based on its configuration and replies with the IP address of the selected virtual server.

Multi query requests received

Indicates the number of multi query requests received during the last measurement period.

Number

Server queries sent

Indicates the number of server queries sent during the last measurement period.

Number

DNS responses received

Indicates the number of DNS responses received during the last measurement period.

Number

Cache flushed

Indicates the number of times the cache was flushed during the last measurement period.

Number

The NetScaler can cache DNS responses (records) and can function as a DNS proxy. This enables the NetScaler to provide quick responses for repeated translations. To configure the NetScaler as a DNS proxy, you must enable caching of DNS records. You must also create a load balancing DNS virtual server, and DNS services, and then bind these services to the virtual server. The NetScaler provides two options, minimum time to live (TTL) and maximum TTL for configuring the lifetime of the cached data. The cached data times out as specified by your settings for these two options. The NetScaler checks the TTL of the DNS record coming from the server. If the TTL is less than the configured minimum TTL, it is replaced with the configured minimum TTL. If the TTL is greater than the configured maximum TTL, it is replaced with the configured maximum TTL.

The NetScaler discards (flushes) a record stored in its cache when the time-to-live (TTL) value of the record reaches the configured value.

Server responses received

Indicates the number of server responses received during the last measurement period.

Number

Cache entries flushed

Indicates the number of cache entries that were flushed during the last measurement period.

Number

Updated records

Indicates the number of A records that were updated during the last measurement period.

Number

You can add DNS records on the NetScaler, including address (A) records. Address (A) records are DNS records that map a domain name to an IPv4 address.

Non-existent domain queries

Indicates the number of queries for which the records were not found in the domain during the last measurement period.

Number

If no information exists for a requested domain, the query results in a negative response.

This measure therefore reveals the count of negative responses.

Response type unsupported

Indicates the number of responses for which the requested response type was not supported during the last measurement period.

Number

Ideally, the value of this measure should be low.

Response class unsupported

Indicates the number of responses for which the response types were not supported during the last measurement period.

Number

Query class unsupported

Indicates the number of queries for which the base query class was not supported during the last measurement period.

Number

Invalid query format

Indicates the number of queries received with an invalid format during the last measurement period.

Number

Invalid response format

Indicates the number of responses received with a format error during the last measurement period.

Number

Ideally, the value of this measure should be 0.

Stray answers

Indicates the number of stray answers received during the last measurement period.

Number

Ideally, the value of this measure should be 0.

Responses received without answer

Indicates the number of DNS responses received without an answer during the last measurement period.

Number

Responses received without an answer are treated as negative responses.

Ideally, the value of this measure should be 0.

Responses received with invalid resource data length

Indicates the number of DNS responses received with an invalid resource data length during the last measurement period.

Number

Ideally, the value of this measure should be 0.

Multi queries disabled

Indicates the number of multi queries that were disabled during the last measurement period.

Number

DNS requests refused

Indicates the number of DNS requests that were refused during the last measurement period.

Number

Ideally, the value of this measure should be 0.

Other errors

Indicates the number of miscellaneous errors detected during the last measurement period.

Number

Ideally, the value of this measure should be 0.
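
The minimum/maximum TTL handling described in the interpretation of the Cache flushed measure can be modelled as follows. This is an added example, not eG or Citrix code: the ProxyCache class, the clamp_ttl function, and the sample names, addresses and TTL settings are all constructed for illustration, and expiry is simplified to "flush once the applied TTL has elapsed".

```python
# Simplified model of a DNS proxy cache with min/max TTL clamping.
# Not NetScaler code; all names here are hypothetical.
from dataclasses import dataclass, field


def clamp_ttl(server_ttl: int, min_ttl: int, max_ttl: int) -> int:
    """Return the lifetime (seconds) applied to a record before caching."""
    if min_ttl > max_ttl:
        raise ValueError("min_ttl must not exceed max_ttl")
    return max(min_ttl, min(server_ttl, max_ttl))


@dataclass
class ProxyCache:
    min_ttl: int
    max_ttl: int
    entries: dict = field(default_factory=dict)  # name -> (address, expiry)

    def store(self, name: str, address: str, server_ttl: int, now: int) -> int:
        ttl = clamp_ttl(server_ttl, self.min_ttl, self.max_ttl)
        self.entries[name] = (address, now + ttl)
        return ttl

    def lookup(self, name: str, now: int):
        hit = self.entries.get(name)
        if hit is None or now >= hit[1]:
            return None  # miss: the proxy would have to ask a name server
        return hit[0]

    def flush_expired(self, now: int) -> int:
        """Discard expired records and return how many were flushed."""
        expired = [n for n, (_, exp) in self.entries.items() if now >= exp]
        for name in expired:
            del self.entries[name]
        return len(expired)


def demo():
    # Constructed records and TTL settings (seconds); addresses are TEST-NET-1.
    cache = ProxyCache(min_ttl=30, max_ttl=3600)
    applied = {
        "short.example": cache.store("short.example", "192.0.2.10", 5, now=0),
        "normal.example": cache.store("normal.example", "192.0.2.11", 300, now=0),
        "long.example": cache.store("long.example", "192.0.2.12", 86400, now=0),
    }
    # Entries flushed at each sweep, as a per-period count would see them.
    flushed = [cache.flush_expired(now=t) for t in (10, 30, 300, 3600)]
    return applied, flushed
```

With these settings a record served with a 5-second TTL stays cached for 30 seconds, and one served with a one-day TTL is flushed after an hour, so the two TTL options directly shape how often entries are flushed.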