Load balancers in front of DC\DNS servers

ahobbs posted this 30 January 2018

Hey all

Our DNS service is being transferred from our Operations team to the Network team.

One of the options they want to explore is to place a load balancer in front of the Windows 2008 R2 AD-integrated DNS servers to load balance traffic from the clients, giving flexibility to the back-end servers if we ever move them.

Any thoughts on this approach? It seems more complicated, but I can't see a reason why it shouldn't work or be considered.

Thanks all

Amanda

Forum info: http://www.activedir.org

patrickg posted this 30 January 2018

Should work; keep an eye on query-time latency before and after. As others have mentioned, it should be load balancers, plural: if there's a single load balancer, I would avoid going that route.


~Patrick


webster posted this 30 January 2018

I would say that half the places I go, DNS and DHCP and NetScalers are owned by the networking team and the AD and Citrix teams have no access. If they want a change, like a new DNS record or a new DHCP scope or VLAN for a Citrix project, welcome to the world of networking change control hell.

Thanks

Carl Webster
Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP
http://www.CarlWebster.com
The Accidental Citrix Admin


amulnick posted this 30 January 2018

I've done this in the past for non-Windows clients. The goal was to make name resolution more reliable. At the time, I did not adjust the settings for updates. Non-Windows clients were not a concern in that environment with regard to secure DNS updates.
The trick to that approach is to make sure that, if you're allowing DNS clients to update their own records, you adjust the pool to allow that to continue working; otherwise your records will become stale.
Works well, but like I said, primarily for non-Windows clients and clients that don't have to update their own records (unless you tweak it for that purpose). Windows clients can handle a lot more DNS servers than many legacy clients.
Strange that a network team wants to own name resolution.  
Al



webster posted this 30 January 2018

I am NOT a NetScaler person, but I just found a Citrix support article that states NetScaler can be configured as an authoritative DNS server for AD. I had no idea.

https://support.citrix.com/article/CTX109726

I know Amanda didn't state anything about NetScaler, but I am sure other load balancers offer the same features and capabilities.

Thanks

Carl Webster


marcuscoh posted this 30 January 2018

Amanda,
We did this exact thing. I would advocate doing this based on my experiences. We would generally put the VIP as the primary address and the actual physical address as secondary or tertiary, if we had more than one VIP. Don't recall if there were sticky session values that had to be adjusted (might have had to drop them a bit). I don't understand the single-point-of-failure comment, as I found it helped to remove that where clients did not handle moving from primary to secondary very well during periods when we were patching domain controllers.
/m



webster posted this 30 January 2018

I see this done all the time in the Citrix related projects I have done and do. Customer puts an HA pair of NetScalers in front of the infrastructure and load balances various Citrix components along with DNS. No single point of failure as long as what you use for the load balancing is not a single device.

Thanks

Carl Webster


kebabfest posted this 30 January 2018

All I see here is adding a single point of failure. Don't see the value in what they are doing at all. 



Anthony.Vandenbossche posted this 30 January 2018

Hi Amanda

In my experience there are no big caveats when implementing a load balancer for DNS and LDAPS. Do make sure that this load balancer is set up redundantly to prevent a single point of failure. One annoying thing is that you never know where DNS records are updated, so you will need to rely on automatic replication heavily ;).

Kr,
Anthony.

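The checks the replies above keep coming back to (Patrick's latency comparison before and after the cut-over, Al's point that client self-registration has to keep working through the pool, and Anthony's reminder that an update lands on one back end and the rest only see it through replication) can be scripted from a domain-joined client. The PowerShell below is an added example written for this page, not code from anyone in the thread. It assumes the DnsClient module (Windows 8 / Server 2012 or later) and Test-NetConnection (Windows 8.1 / Server 2012 R2 or later) on the client; the VIP, back-end addresses, zone name and the 15-second replication wait are placeholders to replace with your own.

```powershell
# Added example (not from the thread): sanity checks for a DNS VIP in front of
# AD-integrated DNS servers. Values below are placeholders / assumptions.
$Vip     = '10.0.0.10'                      # load-balancer VIP (assumed)
$Dcs     = @('10.0.1.11', '10.0.1.12')      # back-end DNS servers (assumed)
$Zone    = 'corp.example'                   # AD DNS zone name (assumed)
$Samples = 20                               # queries per server for the latency sample

# 1. Query latency: VIP versus each back end, so the numbers can be compared
#    before and after the cut-over.
function Measure-DnsLatency {
    param([string]$Server, [string]$Name, [int]$Count)
    $ms = 1..$Count | ForEach-Object {
        (Measure-Command {
            Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoHostsFile -ErrorAction Stop | Out-Null
        }).TotalMilliseconds
    }
    [pscustomobject]@{
        Server = $Server
        AvgMs  = [math]::Round(($ms | Measure-Object -Average).Average, 2)
        MaxMs  = [math]::Round(($ms | Measure-Object -Maximum).Maximum, 2)
    }
}
@($Vip) + $Dcs | ForEach-Object { Measure-DnsLatency -Server $_ -Name $Zone -Count $Samples } |
    Format-Table -AutoSize

# 2. Dynamic-update path: a Windows client does not send its UPDATE to the
#    address it queried; it asks for the zone's SOA, takes the primary master
#    named there, and sends the UPDATE to that server directly. Through the
#    VIP the SOA comes from whichever back end answered, so that name must
#    resolve and be reachable on TCP/53 from the client, or registrations
#    fail and records go stale.
$soa = Resolve-DnsName -Name $Zone -Type SOA -Server $Vip -DnsOnly -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
$primary   = $soa.PrimaryServer
$primaryIp = (Resolve-DnsName -Name $primary -Type A -Server $Vip -DnsOnly -ErrorAction Stop |
              Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
$direct    = Test-NetConnection -ComputerName $primaryIp -Port 53 -InformationLevel Quiet
Write-Host ("SOA via VIP names {0} ({1}); direct TCP/53 reachable: {2}" -f $primary, $primaryIp, $direct)

# 3. Register this host and confirm the record is visible on every back end,
#    not only on the one that accepted the update.
Register-DnsClient
Start-Sleep -Seconds 15                      # replication wait (assumed; tune for your site)
$me = [System.Net.Dns]::GetHostName()
foreach ($dc in $Dcs) {
    $rec = Resolve-DnsName -Name "$me.$Zone" -Type A -Server $dc -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'A' }
    if ($rec) { Write-Host "$dc : $me.$Zone -> $($rec.IPAddress -join ',')" }
    else      { Write-Warning "$dc : no A record for $me.$Zone yet (check replication)" }
}
```

Step 2 is the one that decides whether Al's "tweak the pool" is needed: secure dynamic update (GSS-TSIG) negotiates a key with one specific server over TCP and then sends the UPDATE to that same server, so the client needs a direct path to the SOA primary rather than to the VIP alone, and a VIP that spreads TCP segments of one session across back ends will break it. Step 3 makes Anthony's caveat visible: the update is accepted by a single DC and the others only show the record once AD replication has carried it over.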