09-10-2015 06:50 AM - edited 09-10-2015 06:52 AM
I am trying to use an ADX to stand up a VIP that will proxy DNS requests via NAT to servers which are several hops away from the ADX, using NAT so that the DNS requests appear to the servers to be coming from the Brocade virtual server IP, and queries will appear to clients as being resolved by the VIP IP.
real server dns-server-1 10.0.0.1
 source-nat
 no-l3-check
 port dns
real server dns-server-2 10.0.0.2
 source-nat
 no-l3-check
 port dns
virtual server dns-vip 192.168.0.2
 next-hop 192.168.0.1
 next-hop-allow-fallback-to-default-gateway
 predictor round-robin
 port dns
 bind dns dns-server-1 dns dns-server-2 dns
However, show server bind shows real servers dns-server-1 and -2 as Failed, and the VIP does not respond to DNS queries.
dns ----->
 + dns-server-1: 10.0.0.1, dns (Failed)
 + dns-server-2: 10.0.0.2, dns (Failed)
The ADX can ping the real server IPs (10.0.0.1 and .2) without issue. What am I missing?
09-11-2015 09:29 AM
Figured it out. "server real" servers in the Brocade are health-checked via ARP, which of course fails for hosts not on the local subnet. Use "server remote-name" instead.
real remote-name dns-server-1 10.0.0.1
 source-nat
 port dns
real remote-name dns-server-2 10.0.0.2
 source-nat
 port dns
virtual server dns-vip 192.168.0.2
 predictor round-robin
 port dns
 bind dns dns-server-1 dns dns-server-2 dns
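Added example, not part of the original posts and not Brocade tooling: a small Python check that reads server definitions in the form quoted in this thread and flags any locally defined real server whose address is outside the ADX's connected subnets, which is the case the accepted fix describes. The function name, the sample config and the 192.168.0.0/24 connected subnet are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the keyword order used in the posts above.
SAMPLE_CONFIG = """\
real server dns-server-1 10.0.0.1
 source-nat
 port dns
real remote-name dns-server-2 10.0.0.2
 source-nat
 port dns
real server dns-local 192.168.0.10
 port dns
"""
# Assumption: the thread never states the ADX's own interface subnet.
ASSUMED_CONNECTED = ["192.168.0.0/24"]

# Accept "server real NAME IP" as well as the "real server NAME IP" order
# written in the thread; indented sub-commands never match.
DEF_RE = re.compile(
    r"^(?:server\s+(real|remote-name)|real\s+(server|remote-name))"
    r"\s+(\S+)\s+(\S+)\s*$"
)

def lint_real_servers(config_text, connected_subnets):
    """Return (name, address, reason) for definitions that cannot pass an ARP-based check."""
    nets = [ipaddress.ip_network(n) for n in connected_subnets]
    findings = []
    for line in config_text.splitlines():
        m = DEF_RE.match(line)
        if not m:
            continue
        is_remote = "remote-name" in (m.group(1), m.group(2))
        name, raw = m.group(3), m.group(4)
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((name, raw, "unparseable address"))
            continue
        # A local definition is only reachable by ARP when the host is on-link.
        if not is_remote and not any(addr in n for n in nets):
            findings.append((name, str(addr), "local definition, host is off-subnet"))
    return findings

if __name__ == "__main__":
    for finding in lint_real_servers(SAMPLE_CONFIG, ASSUMED_CONNECTED):
        print(*finding, sep=": ")
```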