Measures reported by CtxNsDnsRecordsTest
You can configure the Citrix ADC appliance to function as an authoritative domain name server (ADNS server) for a domain. As an ADNS server for a domain, the Citrix ADC resolves DNS requests for all types of DNS records that belong to the domain. Add the DNS resource records that belong to the domain for which the appliance is authoritative and configure resource record parameters. The maximum number of records of each type that the Citrix ADC can support is also pre-set.
You can also configure the appliance as a proxy DNS server that load balances a farm of DNS name servers that are either within or outside your network.
Also, by default, the Citrix ADC appliance caches responses from DNS name servers. When the appliance receives a DNS query, it checks for the queried domain in its cache. If the address for the queried domain is present in its cache, the Citrix ADC returns the corresponding address to the client. Otherwise, it forwards the query to a DNS name server that checks for the availability of the address and returns it to the Citrix ADC. The Citrix ADC then returns the address to the client.
For requests for a domain that has been cached earlier, the Citrix ADC serves the Address record of the domain from the cache without querying the configured DNS server.
Citrix administrators may want to periodically audit DNS clients and responses to client requests, so that they can proactively detect problems in responsiveness and troubleshoot them. Problems such as frequent cache misses and an unusually high number of malformed responses can severely impair responsiveness. Administrators should also be notified if the number of records for any record type exceeds the pre-set limit; such an anomaly can be indicative of malicious DNS attacks, which should be prevented at all costs. To perform these critical DNS audits and to capture abnormalities on the fly, administrators can use the CtxNsDnsRecordsTest.
This test tracks requests from and responses to DNS clients, and alerts administrators to malformed responses. The test also continuously monitors cache usage, and notifies administrators if the cache is unable to service DNS requests consistently. The test also reports if there are more entries for a record than what the appliance can support.
Outputs of the test: One set of results for the Citrix ADC being monitored
The measures made by this test are as follows:
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Request_rate | Indicates the number of DNS queries received during the last measurement period. | Number | |
| Tot_responses | Indicates the number of DNS server responses processed during the last measurement period. | Number | |
| Curr_entries | Indicates the number of DNS entries recorded during the last measurement period. | Number | |
| Curr_records | Indicates the number of DNS records that were available on the ADC during the last measurement period. | Number | |
| Tot_entries | Indicates the total number of DNS record entries during the last measurement period. | Number | |
| Tot_updates | Indicates the number of proactive updates that occurred during the last measurement period. | Number | The appliance discards a record stored in its cache when the time-to-live (TTL) value of the record reaches the configured value. A client that requests an expired record has to wait until the Citrix ADC retrieves the record from the server and updates its cache. To avoid this delay, the Citrix ADC proactively updates the cache by retrieving the record from the server before the record expires. |
| Tot_limit_errors | Indicates the total number of times DNS records were received with more entries than the appliance supports. | Number | If any record type has more entries than the maximum limit for that type, the value of this measure is incremented. The limits are listed in the record type table that follows this one. |
| Tot_res_format_errors | Indicates the total number of times malformed responses were received from the back end during the last measurement period. | Number | Ideally, the value of this measure should be 0 or very low. |
| Tot_alias_ext_errors | Indicates the total number of times non-CNAME records were received for a domain during the last measurement period. | Number | |
| Tot_cache_misses | Indicates the total number of cache misses during the last measurement period. | Number | Ideally, the value of this measure should be 0 or very low. A high value is indicative of poor cache usage. In other words, it means that a majority of DNS queries are not being processed by the cache, but by the DNS name server. A high cache miss ratio can result in query processing latencies. |

The following table lists the record types that you can configure for a domain name record on the Citrix ADC appliance, and the maximum number of DNS records that you can configure for each type. The Tot_limit_errors measure is evaluated against these limits.

| Record Type | Number Of Records |
|---|---|
| Address (A) | 25 |
| IPv6 (AAAA) | 5 |
| Mail Exchange (MX) | 12 |
| Name Server (NS) | 16 |
| Service (SRV) | 8 |
| Pointer (PTR) | 20 |
| Canonical Name (CNAME) | 1 |
| Start of Authority (SOA) | 1 |
| Text (TXT) | 20 |
| Naming Authority Pointer (NAPTR) | 20 |
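The following Python sketch is an added example, not code from the monitoring product or from Citrix. It shows how the per-type limits and the measures above could be checked offline against exported data. The function names, the `(owner_name, record_type)` input format, the sample values, and the miss ratio computed as `Tot_cache_misses / Request_rate` with a 0.5 threshold (taken from the "majority of DNS queries" wording) are all assumptions.

```python
from collections import Counter

# Per-type maximums, copied from the record type table on this page.
RECORD_LIMITS = {"A": 25, "AAAA": 5, "MX": 12, "NS": 16, "SRV": 8,
                 "PTR": 20, "CNAME": 1, "SOA": 1, "TXT": 20, "NAPTR": 20}


def over_limit(records):
    """Return {(name, rtype): count} for record sets above the page's limits.

    records: iterable of (owner_name, record_type) pairs (hypothetical format).
    """
    counts = Counter((name.lower().rstrip("."), rtype.upper())
                     for name, rtype in records)
    return {key: n for key, n in counts.items()
            if n > RECORD_LIMITS.get(key[1], float("inf"))}


def audit(sample, max_miss_ratio=0.5):
    """Evaluate one measurement period and return a list of findings.

    max_miss_ratio and the ratio formula are assumptions of this example.
    """
    findings = []
    if sample["Tot_limit_errors"] > 0:
        findings.append("record sets over the per-type limit were received")
    if sample["Tot_res_format_errors"] > 0:
        findings.append("malformed responses received from the back end")
    if sample["Tot_alias_ext_errors"] > 0:
        findings.append("non-CNAME records received for a domain")
    queries = sample["Request_rate"]
    # Guard against an idle period with no queries before dividing.
    if queries and sample["Tot_cache_misses"] / queries > max_miss_ratio:
        findings.append("cache miss ratio above threshold")
    return findings


# Constructed sample data, not taken from a real appliance.
SAMPLE_RECORDS = ([("www.example.test.", "AAAA")] * 6
                  + [("example.test", "MX")] * 3
                  + [("alias.example.test", "CNAME")] * 2)
SAMPLE_PERIOD = {"Request_rate": 400, "Tot_cache_misses": 260,
                 "Tot_limit_errors": 2, "Tot_res_format_errors": 0,
                 "Tot_alias_ext_errors": 0}

if __name__ == "__main__":
    for (name, rtype), n in sorted(over_limit(SAMPLE_RECORDS).items()):
        print(f"{name} {rtype}: {n} records, limit {RECORD_LIMITS[rtype]}")
    for finding in audit(SAMPLE_PERIOD):
        print("ALERT:", finding)
```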