DNS Test
You can configure the Citrix ADC appliance to function as an authoritative domain name server (ADNS server) for a domain. You can add the DNS resource records that belong to the domain for which the appliance is authoritative and configure resource record parameters. You can also configure the ADC appliance as a proxy DNS server that load balances a farm of DNS name servers that are either within your network or outside your network. You can configure the appliance as an end resolver and forwarder. You can configure DNS suffixes that enable name resolution when fully qualified domain names are not configured. The appliance also supports the DNS ANY query that retrieves all the records that belong to a domain.
Using the DNS test, you can monitor the DNS queries to the ADC appliance, and evaluate how efficiently the appliance handles these queries. DNS requests that were refused and invalid responses that were sent can thus be promptly detected, and their reasons investigated.
Target of the test : An ADC VPX/MPX
Agent deploying the test : A remote agent
Outputs of the test : One set of results for the ADC appliance being monitored.
Parameter | Description |
---|---|
Test Period | How often should the test be executed. |
Host | The IP address of the host for which the test is being configured. |
NetScaler Username and NetScaler Password | To monitor an ADC device, the eG agent should be configured with the credentials of a user with read-only privileges to the target ADC device. Specify the credentials of such a user in the NetScaler Username and NetScaler Password text boxes. |
Confirm Password | Confirm the ADC Password by retyping it here. |
SSL | The eG agent collects performance metrics by invoking NITRO (ADC Interface Through Restful interfaces and Objects) APIs on the target ADC device. Typically, the NITRO APIs can be invoked through the HTTP or the HTTPS mode. By default, the eG agent invokes the NITRO APIs using the HTTPS mode. This is why the SSL flag is set to Yes by default. If the target ADC device is not SSL-enabled, then the NITRO APIs can be accessed through the HTTP mode only. In this case, set the SSL flag to No. |
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
DNS queries received | Indicates the number of DNS queries received during the last measurement period. | Number | |
Authoritatively answered queries | Indicates the number of queries that were authoritatively answered during the last measurement period. | Number | An ADNS (Authoritative DNS) server is a DNS server that contains complete information about a zone. To configure the ADC as an ADNS server for a zone, you must add an ADNS service, and then configure the zone. To do so, you add valid SOA (Start of Authority) and NS records for the domain. When a client sends a DNS request, the ADC appliance searches the configured resource records for the domain name. You can delegate a subdomain by adding NS records for the subdomain to the zone of the parent domain. You can then make the ADC authoritative for the subdomain by adding a "glue record" for each of the subdomain name servers. If GSLB is configured, the ADC makes a GSLB load balancing decision based on its configuration and replies with the IP address of the selected virtual server. |
Multi query requests received | Indicates the number of multi query requests received during the last measurement period. | Number | |
Server queries sent | Indicates the number of server queries sent during the last measurement period. | Number | |
DNS responses received | Indicates the number of DNS responses received during the last measurement period. | Number | |
Cache flushed | Indicates the number of times the cache was flushed during the last measurement period. | Number | The ADC can cache DNS responses (records) and can function as a DNS proxy. This enables the ADC to provide quick responses for repeated translations. To configure the ADC as a DNS proxy, you must enable caching of DNS records. You must also create a load balancing DNS virtual server, and DNS services, and then bind these services to the virtual server. The ADC provides two options, minimum time to live (TTL) and maximum TTL for configuring the lifetime of the cached data. The cached data times out as specified by your settings for these two options. The ADC checks the TTL of the DNS record coming from the server. If the TTL is less than the configured minimum TTL, it is replaced with the configured minimum TTL. If the TTL is greater than the configured maximum TTL, it is replaced with the configured maximum TTL. The ADC discards (flushes) a record stored in its cache when the time-to-live (TTL) value of the record reaches the configured value. |
Server responses received | Indicates the number of server responses received during the last measurement period. | Number | |
Cache entries flushed | Indicates the number of cache entries that were flushed during the last measurement period. | Number | |
Updated records | Indicates the number of A records that were updated during the last measurement period. | Number | You can add DNS records on the ADC, including address (A) records. Address (A) records are DNS records that map a domain name to an IPv4 address. |
Non-existent domain queries | Indicates the number of queries for which the records were not found in the domain during the last measurement period. | Number | If information pertaining to a requested domain does not exist, it indicates a negative response. This measure therefore reveals the count of negative responses. |
Response type unsupported | Indicates the number of responses for which the requested response type was not supported during the last measurement period. | Number | Ideally, the value of this measure should be low. |
Response class unsupported | Indicates the number of responses for which the response types were not supported during the last measurement period. | Number | |
Query class unsupported | Indicates the number of queries for which the base query class was not supported during the last measurement period. | Number | |
Invalid query format | Indicates the number of queries received with an invalid format during the last measurement period. | Number | |
Invalid response format | Indicates the number of responses received with a format error during the last measurement period. | Number | Ideally, the value of this measure should be 0. |
Stray answers | Indicates the number of stray answers received during the last measurement period. | Number | Ideally, the value of this measure should be 0. |
Responses received without answer | Indicates the number of DNS responses received without an answer during the last measurement period. | Number | Responses received without an answer are deemed as negative responses. Ideally, the value of this measure should be 0. |
Responses received with invalid resource data length | Indicates the number of DNS responses received with an invalid resource data length during the last measurement period. | Number | Ideally, the value of this measure should be 0. |
Multi queries disabled | Indicates the number of multi queries that were disabled during the last measurement period. | Number | |
DNS requests refused | Indicates the number of DNS requests that were refused during the last measurement period. | Number | Ideally, the value of this measure should be 0. |
Other errors | Indicates the miscellaneous errors detected during the last measurement period. | Number | Ideally, the value of this measure should be 0. |
Non-authoritative entries | Indicates the number of non-authoritative entries during the last measurement period. | Number | A non-authoritative entry simply means that the answer is not fetched from the authoritative DNS server for the queried domain name. |
Authoritative entries | Indicates the number of authoritative entries during the last measurement period. | Number | |
DNS64 queries received | Indicates the number of DNS64 queries received during the last measurement period. | Number | DNS64 is a DNS service that returns AAAA records with synthetic IPv6 addresses for IPv4-only destinations (with A but not AAAA records in the DNS). This lets IPv6-only clients use NAT64 gateways without any other configuration. |
DNS64 truncated answers | Indicates the number of DNS64 truncated answers during the last measurement period. | Number | |
DNS64 answers served | Indicates the number of DNS64 answers served during the last measurement period. | Number | |
Queries sent by DNS64 module to backend | Indicates the number of queries sent by DNS64 module to backend during the last measurement period. | Number | |
DNS64 answers served after rewriting response | Indicates the number of DNS64 answers served after rewriting response during the last measurement period. | Number | |
Number of times AAAA query bypassed in DNS64 | Indicates the number of DNS64 queries bypassed during the last measurement period. | Number | |
Responses received from backend in DNS64 context | Indicates the number of DNS64 responses received from the backend during the last measurement period. | Number | |
Number of DNS64 queries over TCP | Indicates the number of DNS64 TCP queries during the last measurement period. | Number | |
DNS64 queries for GSLB domain | Indicates the number of DNS64 queries for GSLB domain during the last measurement period. | Number | |
Active DNS64 policies | Indicates the number of active DNS64 policies during the last measurement period. | Number | |
DNS64 answers served for GSLB domain | Indicates the number of DNS64 answers served for GSLB domain during the last measurement period. | Number | |
DNS64 responses received from backend with a count 0 | Indicates the number of DNS64 no data responses during the last measurement period. | Number | |
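
The minimum/maximum TTL handling described in the interpretation of the Cache flushed measure, as an added example that is not part of the original page and is not Citrix ADC code. The class name `DnsCache`, the injected clock and the sample names and addresses are hypothetical, and expiry is modelled as "effective TTL elapsed", which is an assumption about what the page calls flushing.

```python
class DnsCache:
    """Toy DNS cache that clamps server TTLs to a configured [min_ttl, max_ttl]."""

    def __init__(self, min_ttl, max_ttl, clock):
        if min_ttl > max_ttl:
            raise ValueError("min_ttl must not exceed max_ttl")
        self.min_ttl, self.max_ttl, self.clock = min_ttl, max_ttl, clock
        self.entries = {}          # name -> (address, expires_at)
        self.entries_flushed = 0   # running count of expired entries removed

    def effective_ttl(self, server_ttl):
        # Below the minimum -> raised to min_ttl; above the maximum -> cut to max_ttl.
        return max(self.min_ttl, min(server_ttl, self.max_ttl))

    def store(self, name, address, server_ttl):
        expires_at = self.clock() + self.effective_ttl(server_ttl)
        self.entries[name] = (address, expires_at)

    def flush_expired(self):
        now = self.clock()
        expired = [n for n, (_, exp) in self.entries.items() if exp <= now]
        for name in expired:
            del self.entries[name]
        self.entries_flushed += len(expired)
        return len(expired)

    def lookup(self, name):
        self.flush_expired()
        hit = self.entries.get(name)
        return hit[0] if hit else None


def demo():
    """Constructed scenario: one record with a 5 s TTL, one with a 1-day TTL."""
    now = [0]
    cache = DnsCache(min_ttl=30, max_ttl=300, clock=lambda: now[0])
    cache.store("short.example", "192.0.2.10", server_ttl=5)
    cache.store("long.example", "192.0.2.20", server_ttl=86400)
    seen = {}
    for t in (10, 30, 299, 300):
        now[0] = t
        seen[t] = (cache.lookup("short.example"), cache.lookup("long.example"))
    return seen, cache.entries_flushed


if __name__ == "__main__":
    print(demo())
```

With these settings the 5-second record is still served at t=10 because the minimum TTL holds it for 30 seconds, and the one-day record is gone at t=300 because the maximum TTL caps its lifetime.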
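
The AAAA synthesis that the DNS64 queries received row describes, as an added example that is not part of the original page and is not Citrix ADC code. It goes beyond the text by implementing the RFC 6052 address embedding for every permitted prefix length; the function names are hypothetical and the prefixes and addresses are constructed values from documentation ranges.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix; a deployment may use its own prefix instead.
WELL_KNOWN_PREFIX = ipaddress.ip_network("64:ff9b::/96")


def embed_ipv4(prefix, v4):
    """Embed an IPv4 address in an IPv6 prefix following RFC 6052 section 2.2."""
    if prefix.prefixlen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64 and /96")
    out = bytearray(prefix.network_address.packed)
    pos = prefix.prefixlen // 8
    for octet in v4.packed:
        if pos == 8:  # bits 64..71 are reserved and must stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def dns64_answer(aaaa_records, a_records, prefix=WELL_KNOWN_PREFIX):
    """Return (addresses, synthesized) for one AAAA query.

    Native AAAA records are passed through untouched; synthesis happens only
    when the name has A records but no AAAA records.
    """
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records], False
    synthetic = [embed_ipv4(prefix, ipaddress.IPv4Address(r)) for r in a_records]
    return synthetic, bool(synthetic)


if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    print(dns64_answer([], ["192.0.2.33"]))               # IPv4-only name
    print(dns64_answer(["2001:db8::1"], ["192.0.2.33"]))  # dual-stack name
    print(embed_ipv4(ipaddress.ip_network("2001:db8:122:344::/64"),
                     ipaddress.IPv4Address("192.0.2.33")))
```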