Global intelligent DNS

Introduction

The global intelligent DNS feature typically applies to the multiple data center scenario. This feature has the following benefits:

• Allows users to access the data center close to them, improving user experience.

• Performs remote backup among multiple data centers and directs traffic to another data center when one data center becomes faulty, improving service reliability.

How it works

The global intelligent DNS feature is implemented based on the DNS technology and solves the following problems of common DNS servers:

• Common DNS servers distribute traffic typically based on the round robin algorithm. They might resolve an undesired IP address, affecting user experience.

• Common DNS servers do not provide detection methods to detect disasters. They might provide the IP address of a faulty device in a data center to users.

The GLB device acts as a DNS server to resolve DNS requests. The GLB device performs uniform scheduling of virtual servers providing the same service in all data centers, and returns the IP address of the optimal virtual server to users. The GLB device detects the state of all virtual servers and does not schedule faulty virtual servers.

Deployment modes

The GLB feature works with server load balancing (SLB). GLB performs scheduling among multiple data centers to select the optimal data center. SLB performs scheduling in the local data center to select the optimal virtual server. For more information about SLB, see the application load balancing help.

GLB supports the following deployment modes:

• Centralized deployment—GLB and SLB are deployed on the same device.

• Distributed deployment—GLB and SLB are deployed on different devices.

Workflow for centralized deployment

Figure-1 Workflow for centralized deployment

Table-1 Workflow description

For distributed deployment, the host sends a connection request to the SLB device instead of the GLB device.

Relationship between configuration items

When the GLB device receives a DNS request with the destination address as the IP address of the global DNS listener, it performs the following operations:

1. Selects a global DNS mapping according to the domain name in the DNS request.

2. Selects a global virtual sever pool according to the predictors configured for the selected global DNS mapping.

3. Selects the optimal virtual sever according to the predictors configured for the selected global virtual sever pool.

4. Sends the IP address of the optimal virtual sever to the user in a DNS response.

The user uses the IP address of the optimal virtual sever as the destination IP address to access the intranet server.

Figure-2 shows the relationship between the following configuration items:

• Global DNS listener—Listens DNS requests on the LB device. If the destination address of a DNS request matches the address being listened, GLB is performed.

• Global DNS mapping—Maps a global virtual server pool to a domain name. The GLB device can obtain the global virtual server pool associated with the domain according to the global DNS mapping. Multiple global virtual server pools can be configured in a global DNS mapping. The optimal global virtual server pool is selected according to the scheduling algorithm.

• Global virtual server pool—The virtual servers in the global virtual server pool are associated with links. The availability of the links and virtual servers determines whether the virtual servers can participate in scheduling.

• Data center—A collection of outbound links and SLB devices in a data center.

• Link—An outbound link of a data center. The bandwidth usage of the link determines whether the link is busy, and it also serves as the basis for the bandwidth algorithm.

• Topology—Associates the region where the local DNS server resides with the IP address of a virtual server to distribute DNS requests to the virtual server.

• Server—SLB device. The GLB device obtains the configuration and statistics of virtual servers from an SLB device by establishing a connection with the SLB device.

• Virtual server—A virtual server is used by the LB device to provide services to users.

Figure-2 Relationship between configuration items

Restrictions and guidelines

In the current software version, global intelligent DNS does not support VPN.

The name of the virtual server configured on a GLB device or SLB device must be unique.

The name of the link configured on a GLB device must be unique.

Execute the configuration synchronization command if either of the following situations occurs:

• The connection between GLB devices has problems.

• Configuration conflicts exist after the connection between GLB devices is established.

vSystem support information

Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.

Configure global intelligent DNS

Analysis

Figure-3 shows the global intelligent DNS configuration procedure.

Figure-3 Global Intelligent DNS configuration procedure

Prerequisites

Complete the following tasks before you configure this feature:

• Assign IP addresses to interfaces on the Network > Interface Configuration > Interfaces page.

• Configure routes on the Network > Routing page. Make sure the routes are available.

Configure a link

Link availability is one factor for determining whether a virtual server or virtual IP address can participate in scheduling. You can affect link availability by configuring health monitoring, the maximum bandwidth, and bandwidth ratio. For detailed steps required to configure links, see the load balancing common configuration help.

Configure a virtual server

For distributed deployment, GLB learns the virtual server from the SLB device. Make sure the virtual server configured on the SLB device is available.

For centralized deployment, SLB settings must be configured on the GLB device. GLB uses the locally configured virtual server. For detailed steps required to configure virtual servers, see the online help for application load balancing.

Do not configure the IP address of the virtual server as that of the global DNS listener.

The IP address of a virtual server must be a non-all-zero unicast address with a 32-bit mask. The IPv4 mask length is 32, and the IPv6 prefix length is 128.

Virtual server settings can be synchronized among GLB devices through the default synchronization group.

Configure health monitoring

The GLB device uses a probe template to detect the health of the global virtual server pool, virtual IP address, and virtual servers.

For detailed steps required to configure health monitoring, see the load balancing common configuration help.

Configure a global DNS listener

A global DNS listener listens DNS requests on the LB device. If the destination address of a DNS request matches the address being listened, global intelligent DNS is performed.

Global DNS listener settings are configured on each GLB device locally, and are not synchronized among data centers.

To configure a global DNS listener:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Global DNS Listener.

2. Click Create on the Global DNS Listener page.

3. Create a global DNS listener.

   Figure-4 Global DNS listener settings

   

   Table-2 Global DNS listener configuration items

   Item	Description
   DNS listener name	Enter a name for the global DNS listener, case insensitive.
   DNS listener IP address	Specify an IPv4 address for the DNS listener. The IPv4 address cannot be a loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X.
   Listening port number	Specify a port number for the DNS listener.
   DNS listening	Enable or disable DNS listening.
   Action upon DNS mapping search failure	Specify the action to take upon DNS mapping search failure. Do not respond Send a DNS reject Respond through a DNS proxy

4. Click OK. The new global DNS listener appears on the Global DNS Listener page.

Configure a data center

Perform this task to define a data center and configure the mappings between the SLB device and links.

Data center settings can be synchronized among GLB devices through the default synchronization group.

To configure a data center:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Data Center.

2. Click Create on the Data Center page.

3. Create a data center.

   Figure-5 Data center settings

   

   Table-3 Data center configuration items

   Item	Description
   Data center name	Enter a name for the data center, case insensitive.
   Server LB device	Configure an SLB device. Click Add to add an SLB device. Server LB device name—Enter a name, case insensitive. By default, when a data center is created, the system automatically creates a local SLB device named localhost. Virtual server—Specify the virtual server to be referenced by the local SLB device localhost. This parameter is available only for the local SLB device localhost. The virtual servers of non-local SLB devices are automatically learned. Communication address—Specify the IP address used to establish the connection between the GLB device and SLB device. Communication port—Specify the port number used to establish the connection between the GLB device and SLB device. Communication interval—Specify the interval at which the GLB device obtains the configuration and statistics of the virtual server from the SLB device. Username—Specify the username used to establish a connection between the GLB device and SLB device. Password—Specify the password used to establish a connection between the GLB device and SLB device. The connection can be established only if the username and password are the same as the username and password configured on the SLB device. Service capability—Enable or disable the SLB device. If the SLB device is disabled, all virtual servers of the SLB device are unavailable. Click OK. The new SLB device appears on the SLB device list.
   Outbound link	Select an existing link or create a link as the outbound link for the data center.
   Data center feature	Enable or disable the data center. If the data center is disabled, all SLB devices, links, and virtual servers of the data center are unavailable.
   Description	Enter a description for the data center.

4. Click OK. The new data center appears on the Data Center page.

Configure a global DNS mapping

A DNS mapping associates a domain name with a global virtual IP pool. The LB device can obtain the virtual IP pool associated with the domain name in a DNS request.

Global DNS mapping settings can be synchronized among GLB devices through the default synchronization group.

To configure a global DNS mapping:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Global DNS Map.

2. Click Create on the Global DNS Map page.

3. Create a global DNS mapping.

   Figure-6 Global DNS mapping settings

   

   Table-4 Global DNS mapping configuration items

   Item	Description
   Global DNS mapping name	Enter a name for the global DNS mapping, case insensitive.
   Preferred predictor	Select the preferred predictor for the global DNS mapping. The preferred predictor has the highest priority. If no global virtual server pool is selected by using the preferred predictor, the alternative predictor is used. If no global virtual server pool is selected by using the alternative predictor, the backup predictor is used. You can specify one of the following predictors as the preferred predictor: Round robin—Assigns DNS requests to global virtual server pools based on the weights of global virtual server pools. A higher weight indicates more DNS requests will be assigned. Random—Randomly assigns DNS requests to global virtual server pools. Static proximity algorithm—Assigns DNS requests to global virtual server pools based on static proximity entries. By default, the round robin algorithm is used.
   Alternative predictor	Specify the alternative predictor for the global DNS mapping. The supported predictors are the same as those supported for the preferred predictor.
   Backup predictor	Specify the backup predictor for the global DNS mapping. The supported predictors are the same as those supported for the preferred predictor.
   Global virtual server pool	Add a global virtual server pool. Click Add to add a global virtual server pool. Global virtual server pool—Select an existing global virtual server pool or create a global virtual server pool. Weight—Specify the weight of the global virtual server pool. A higher weight indicates more DNS requests will be assigned. Click OK. The new global virtual server pool appears on the global virtual server pool list.
   Domain name list	Add a domain name. Enter a domain name, a case-insensitive string. Each dot-separated label in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), dots (.), and wildcards (asterisks and question marks). Dots cannot be used as the start and end characters. When you use wildcards (asterisks and question marks) in a domain name, follow these guidelines: The wildcards can substitute any characters except for dots (.). An asterisk (*) can substitute a character string. A question mark (?) can substitute a single character. Click Add. The added domain name appears in the domain name list.
   TTL	Specify the TTL in seconds. The TTL is the amount of time that DNS records are cached for DNS responses. For the DNS client to get the updated DNS record when the virtual IP address configuration changes, set a smaller TTL value. For stable, fast domain name resolution when the network is stable, set a larger TTL value.
   Global DNS mapping	Enable or disable global DNS mapping.

4. Click OK. The new global DNS mapping appears on the Global DNS Map page.

Configure a global virtual IP pool

Perform this task to facilitate management of virtual IP addresses or virtual servers with similar functions. A global virtual IP pool is used by a DNS mapping.

Global virtual IP pool settings can be synchronized among GLB devices through the default synchronization group.

To configure a global virtual IP pool:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Global Virtual Pool.

2. Click Create on the Global Virtual IP Pool page.

3. Create a global virtual IP pool.

   Figure-7 Global virtual IP pool settings

   

   Table-5 Global virtual IP pool configuration items

   Item	Description
   Global virtual IP pool name	Enter a name for the global virtual IP pool, case insensitive.
   Preferred predictor	Specify the preferred predictor for the global virtual IP pool. The preferred predictor has the highest priority. If no virtual IP address/virtual server is selected by using the preferred predictor, the alternative predictor is used. If no virtual IP address/virtual server is selected by using the alternative predictor, the backup predictor is used. You can specify one of the following predictors as the preferred predictor: Weight round robin—Assigns DNS requests to virtual IP addresses/virtual servers based on the weights of virtual IP addresses/virtual servers. A higher weight indicates more DNS requests will be assigned. Random—Randomly assigns DNS requests to virtual IP addresses/virtual servers. Static proximity—Assigns DNS requests to virtual IP addresses/virtual servers based on static proximity entries. By default, the weighted round robin algorithm is used.
   Alternative predictor	Specify the alternative predictor for the global virtual IP pool. The supported predictors are the same as those supported for the preferred predictor.
   Backup predictor	Specify the backup predictor for the global virtual IP pool. The supported predictors are the same as those supported for the preferred predictor.
   Virtual IP/Virtual server list	Click Create to add a virtual IP address or virtual server. Virtual server—Virtual server learned. For centralized deployment, it is configured on the local SLB device named localhost. SLB device—Specify the SLB device to which the virtual IP address belongs. It is can only be the local SLB device named localhost. IP address—Specify the virtual IP address for the local SLB device localhost associated with the specified data ceter. Link—Specify the link to be associated with the virtual IP address/virtual server. You can select an existing link or create a link. If no link is specified or the specified link is deleted, the system automatically selects the link closest to the network segment to associate with the virtual IP address/virtual server. A manually specified link overwrites an automatically selected link. Weight—Specify the weight for the virtual IP address/virtual server. For the weighted round robin algorithm, a greater value means a higher priority to be used. Probe method—Specify a probe template for the virtual IP address/virtual server. You can select an existing probe template or create a probe template. Success criteria—Specify the health monitoring success criteria for the virtual IP address/virtual server. All probes succeed—Health monitoring succeeds only when all the specified health monitoring methods succeed. At least n probes succeed—Health monitoring succeeds when a minimum of the specified number of health monitoring methods succeed. When the specified number of health monitoring methods is greater than the number of health monitoring methods on the device, health monitoring succeeds if all health monitoring methods succeed. Click OK. The new virtual IP address/virtual server appears in the virtual IP address/virtual server list.
   Probe method	Specify a probe template for the global virtual IP pool to detect health and availability of the virtual IP address/virtual servers. You can also configure this parameter for a single virtual IP address/virtual server. The configuration for a single virtual IP address/virtual server has higher priority than that for the global virtual IP pool. You can select an existing probe template or create a probe template.
   Success criteria	Specify the health monitoring success criteria for the global virtual IP pool. All probes succeed—Health monitoring succeeds only when all the specified health monitoring methods succeed. At least n probes succeed—Health monitoring succeeds when a minimum of the specified number of health monitoring methods succeed. When the specified number of health monitoring methods is greater than the number of health monitoring methods on the device, health monitoring succeeds if all health monitoring methods succeed.
   Link protection	Enable or disable link protection. This feature enables a global virtual IP pool to select a virtual IP address/virtual server based on the bandwidth ratio of the associated link. If the bandwidth ratio of a link is exceeded, the virtual IP address or virtual server is not selected. You can set the bandwidth ratio of a link on the Links page.

4. Click OK. The new global virtual IP pool appears on the Global Virtual IP Pool page.

Configure a default synchronization group member

Global intelligent DNS requires synchronization of configuration and statistics among multiple GLB devices for unified management.

Each GLB device is a member of a synchronization group. Data is synchronized only among members in the same synchronization group. Currently, all GLB devices are members of the default synchronization group.

The device supports synchronizing the following information among members of a default synchronization group:

• Configuration information—Configuration information about data centers, server LB devices, global DNS mappings, global virtual IP pools (excluding probe templates), global forward DNS zones, global reverse DNS zones, global static proximity, global regions, and global ISPs (excluding the imported ISP file).

• Operation data—Operation data of virtual servers and links.

To configure a default synchronization group member:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Default Syncgroup Member.

2. Click Create on the Default Syncgroup Member page.

3. Create a default synchronization group member.

   Figure-8 Default synchronization group member settings

   

   Table-6 Default synchronization group member configuration items

   Item	Description
   Default synchronization group member name	Enter a name for the default synchronization group member, case insensitive.
   Member type	Specify the member type: Local or Remote.
   Member communication capability	Enable or disable member communication capability. A local synchronization group member can establish a TCP connection with a remote synchronization group member only if member communication capability is enabled.
   Communication address	Specify the IPv4 address used to establish a TCP connection with the remote synchronization group member.
   Communication port	Specify the port number used to establish a TCP connection with the remote synchronization group member.
   Authentication key	Enter an authentication key used for establishing a TCP connection between the local and remote synchronization group members. A TCP connection can be established only if the authentication keys are the same on the local and remote synchronization group members. This parameter can be configured only on the local synchronization group member.
   Probe interval	Specify the interval at which the local synchronization group member sends keepalive packets to the remote synchronization group member after establishing a connection with it. This parameter can be configured only on the local synchronization group member.
   Probe retry times	Specify the number of keepalive retries for the local synchronization group member. This parameter can be configured only on the local synchronization group member.

4. Click OK. The new default synchronization group member appears on the Default Syncgroup Member page.

Configure global ISP information

Use the IP addresses assigned by ICANN to configure IP addresses for an ISP.

You can configure ISP information manually, by importing an ISP file, or use both methods.

The system keeps the imported information intact when detecting the following problems on the imported file:

• The file does not exist.

• The file name is invalid.

• File decryption fails.

If the system quits the import operation because of IP address parsing failure, the system performs the following operations:

• Clears the most recently imported information.

• Saves the information imported this time.

You cannot delete the imported ISP or its IP address. If the manually configured and imported ISP information overlaps, you can delete the manually configured ISP information.

If you import multiple ISP files, the newly imported file overwrites the previously imported one.

To configure global ISP information:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Global ISP.

2. Import an ISP file on the Global ISP page.

   1. Click Select, and select the file to be imported.

   2. Click Import. The imported file appears in the ISP list.

      Figure-9 Importing or removing an ISP file

      

3. Manually configure global ISP information.

   1. Click Create.

      Figure-10 Manually configuring global ISP information

      

      

      Table-7 Manual global ISP configuration items

      Item	Description
      Global ISP name	Enter a name for the global ISP, case insensitive.
      ISP address list	Click Create to configure an ISP address. IPv4 address—Enter an IPv4 address. Mask length—Specify the mask length for the IPv4 address. Click OK. The ISP address appears in the ISP address list. Origin—The way an ISP address is obtained. Options are Manually configured and Imported from file.

   2. Click OK. The new global ISP appears in the global ISP list.

Configure a global region

A global region contains network segments corresponding to different global ISPs.

To configure a global region:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Global Region.

2. Click Create on the Global Region page.

3. Create a global region.

   Figure-11 Global region settings

   

   Table-8 Global region configuration items

   Item	Description
   Global region name	Enter a name for the global region, case insensitive.
   Global ISP	Add a global ISP by selecting an existing global ISP or creating a global ISP.

4. Click OK. The new global region appears on the Global Region page.

Configure global static proximity

A global static proximity policy associates a global region with a virtual IP address range and a global virtual IP pool. When the static proximity algorithm is specified for a global DNS mapping or global virtual IP pool, you must configure a global static proximity policy. When a DNS request matches multiple global static proximity policies, the static proximity policy with the highest weight is used.

To configure a global static proximity policy:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Global Topology.

2. Click Create on the Global Topology page.

3. Create a global static proximity policy.

   Figure-12 Global static proximity policy settings

   

   Table-9 Global static proximity policy configuration items

   Item	Description
   Global region name	Select an existing global region or create a global region.
   IPv4 subnet	Specify the virtual IP subnet. For an IPv4 subnet, the IPv4 address cannot be a loopback address, IPv4 multicast address, or all-zero address. For an IPv6 subnet, the IPv6 address cannot be a loopback address (::1/128) or unspecified address (::/128).
   Global virtual IP pool	Select an existing global virtual IP pool or create a global virtual IP pool.
   Priority	Specify a priority value. When a DNS request matches multiple static proximity policies, the static proximity policy with the greatest priority value is selected.

4. Click OK. The new global static proximity policy appears on the Global Topology page.

Configure a global forward DNS zone

During DNS resolution, an LB device looks up the resource records configured in a global forward DNS zone for the host name corresponding to the target domain name. The following types of DNS resource records are available for an LB device to resolve DNS requests:

• Canonical name (CNAME)—Maps multiple aliases to one host name (server). For example, an enterprise intranet has a server with host name host.example.com. The server provides both Web service and mail service. You can configure two aliases (www.example.com and mail.example.com) in a CNAME resource record for this server. When a user requests Web service, the user accesses www.example.com. When a user requests mail service, the user accesses mail.example.com. Actually, the user accesses host.example.com in both cases.

• Mail exchanger (MX)—Specifies the mail server for a global forward DNS zone.

• Name server (NS)—Specifies the authoritative DNS server for a global forward DNS zone.

• Start of authority (SOA)—Specifies authoritative information about a global forward DNS zone, including the primary DNS server and administrator mailbox.

After receiving a DNS request, an LB device searches the resource records in the configured global forward DNS zone for the host name corresponding to the target domain name. Then, the LB device looks up the DNS mappings for the global virtual IP pool associated with the host name.

To configure a global forward DNS zone:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Global Forward DNS Zone.

2. Click Create on the Global Forward DNS Zone page.

3. Create a global forward DNS zone.

   Figure-13 Global forward DNS zone settings

   

   Table-10 Global forward DNS zone configuration items

   Item	Description
   Zone name	Specifies a domain name for the global forward DNS zone, a case-insensitive, dot-separated string of 1 to 253 characters. Each dot-separated part in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), and dots (.).
   TTL	Specify the TTL for all resource records in the global forward DNS zone.
   Resource record list	Click Create to add a resource record. Type—Select a resource type: MX, NS, or CNAME. Subname—Specify a subname for the global forward DNS zone, a case-insensitive, dot-separated string of 1 to 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters. This parameter appears only if you have selected MX or NS from the Type list. Mail server host name—Specify the host name of the mail server, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters. This parameter appears only if you have selected MX from the Type list. Priority—Specify the preference for the resource record. The smaller the value, the higher the priority. This parameter appears only if you have selected MX from the Type list. Authoritative name server host name—Specify the host name of the authoritative DNS server, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters. This parameter appears only if you have selected NS from the Type list. Alias—Specify an alias for a host name, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters. This parameter appears only if you have selected CNAME from the Type list. Canonical name—Specify the host name, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters. This parameter appears only if you have selected CNAME from the Type list. Click OK. The new resource record appears in the resource record list.
   SOA configuration-Primary name server host name	Specify the host name for the primary DNS server. The host name of the primary DNS server can be a relative domain name (does not end with a dot) or an absolute domain name (ends with a dot). For an absolute domain name, the host name is not automatically expanded and cannot exceed 254 characters. For a relative domain name, the current domain name is automatically appended to the host name. The host name plus the appended domain name cannot exceed 254 characters.
   SOA configuration-Administrator email address	Specify the email address of the administrator. The email address of the administrator can be a relative domain name (does not end with a dot) or an absolute domain name (ends with a dot). For an absolute domain name, the email address is not automatically expanded and cannot exceed 254 characters. For a relative domain name, the current domain name is automatically appended to the email address. The email address plus the appended domain name cannot exceed 254 characters.
   SOA configuration-Serial number	Configure the serial number for the global forward DNS zone. The greater the serial number, the newer the global forward DNS zone is configured. The secondary DNS server periodically queries the serial numbers of global forward DNS zones on the primary DNS server and compares them with local serial numbers.
   SOA configuration-Refresh interval	Specify the refresh interval. The secondary DNS server obtains SOA resource records from the primary DNS server at the refresh interval. After obtaining SOA resource records, the secondary DNS server compares them with the local SOA resource records.
   SOA configuration-Retry interval	Specify the retry interval, which is the amount of time that the secondary DNS server waits after it fails to copy a global forward DNS zone.
   SOA configuration-Expiration time	Specify the expiration time, which is the amount of time that the secondary DNS server can work after it loses contact with the primary DNS server.
   SOA configuration-Minimum TTL	Specify the minimum TTL, which is the amount of time that resource records on the primary DNS server are cached on the secondary DNS server.

4. Click OK. The global forward DNS zone appears on the Global Forward DNS Zone page.

Configure a global reverse DNS zone

The LB device performs reverse DNS resolution according to the global reverse DNS zone configuration. Reverse DNS resolution searches for a domain name according to an IP address. The pointer record (PTR) resource records configured in a global reverse DNS zone record mappings between domain names and IP addresses.

Reverse DNS resolution is used to address spam attacks by verifying the validity of the email sender. When a mail server receives an email from an external user, it sends a reverse DNS resolution request to the LB device. The LB device resolves the source IP address of the sender into a domain name according to PTR resource records, and sends the domain name to the mail server. The mail server compares the received domain name with the actual domain name of the sender. If the two domain names match, the mail server accepts the email. If not, the mail server considers the email as a spam email and discards it.

To configure a global reverse DNS zone:

1. Select LB > Intelligent DNS > Global Intelligent DNS > Global Reverse DNS Zone.

2. Click Create on the Global Reverse DNS Zone page.

3. Create a global reverse DNS zone.

   Figure-14 Global reverse DNS zone settings

   

   Table-11 Global reverse DNS zone configuration items

   Item	Description
   IPv4 address	Specify an IPv4 address for the global reverse DNS zone.
   Mask	Specify the mask length for the global reverse DNS zone.
   TTL	Specify the TTL for PTR resource records.
   PTR resource record list	Click Create to add a PTR resource record. IPv4 address—Specify an IPv4 address. The IPv4 address specified in a PTR resource record must be within the IPv4 address range of the global reverse DNS zone. Domain name—Specify a domain name, a case-insensitive, dot-separated string that contains a maximum of 253 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters. Click OK. The new PTR resource record appears in the PTR resource record list.

4. Click OK. The global reverse DNS zone appears on the Global Reverse DNS Zone page.

Configure data synchronization

Perform this task to synchronize data among default synchronization group members.

Figure-15 Data synchronization settings

The device supports two synchronization methods: Synchronize local data and Synchronize to all. For the master device, the two synchronization methods have the same effect, that is, synchronizing the master's data to all standby devices in the default synchronization group. For a standby device, Synchronize local data synchronizes its data to the master device, and Synchronize to all notifies the master to synchronize data on the master to all standby devices.

The device supports synchronizing the following types of data:

• Running data.

• Configuration data.

For the configuration to take effect, perform this task after the master device has been elected.