Client Source IP

When referring to client source IP, we are talking about the address of the DNS resolver that queries on behalf of the workstation, not the source IP of the workstation itself or its corresponding NAT address on the Internet. This is an important concept to understand: from the LoadMaster's point of view, the client IP is that of the corresponding DNS resolver. The LoadMaster’s geographical encoding operations are based on this client IP. A common deployment for client DNS resolvers is depicted in the diagram below.

In the illustration above, the following steps occur:

  1. The client workstation asks the local DNS server for a translation of www.web.example.com.
  2. The local DNS server forwards the request to an ISP or Internet DNS server.
  3. The ISP/Internet server has the relevant A records and NS records pointing to the LoadMaster.
  4. The GEO LoadMaster responds to the DNS query with an appropriate answer.

It is important to understand that, within the described configuration, it is step 3 that defines the client IP address presented to the LoadMaster, not step 1 or step 2: the query reaches the LoadMaster from the ISP/Internet DNS server, so that server's address is the source IP on which the GEO decision is made.

If the firewall is transparent, the GEO LoadMaster sees the client as the ISP/Internet DNS server. If the firewall NATs the traffic, the GEO LoadMaster sees the firewall's address as the client IP.

The above diagram illustrates the difference between recursive and iterative DNS.

With recursive DNS:

  1. A public client checks the local DNS server for the IP address of the FQDN.
  2. If the Local DNS Server cannot provide the IP address, the local DNS requests the address from the ISP/internet DNS server.
  3. If the ISP/internet DNS server cannot provide the IP address, it requests the address from the firewall.
  4. If the firewall cannot provide the IP address, it requests the address from the GEO LoadMaster.
  5. The return traffic sends answers back to each device along the chain in the network.

In recursive DNS, the GEO LoadMaster sees the client as the ISP/Internet DNS server (or as the firewall, if the firewall NATs the traffic). Bear this in mind when using location-based or proximity scheduling: the location decision is made for the resolver's address, not for the workstation that originated the lookup.

With iterative DNS:

  1. The client checks the local DNS server for the IP address of the FQDN.
  2. The local DNS server tells the client to contact the ISP/internet DNS server.
  3. The client checks the ISP/internet DNS server for the IP address of the FQDN.
  4. The ISP/internet DNS server tells the client to contact the firewall.
  5. The client checks the firewall for the IP address of the FQDN.
  6. The firewall tells the client to contact the GEO LoadMaster.
  7. The client checks the GEO LoadMaster for the IP address of the FQDN.
  8. The GEO LoadMaster answers the DNS query.

These are all separate connections. In iterative DNS the query that reaches the GEO LoadMaster is sent by the client itself, so the GEO LoadMaster sees the client's own address (or the firewall's address, if the firewall NATs the traffic) rather than the ISP/Internet DNS server.

In LoadMaster firmware version 7.2.57, a checkbox named EDNS Client Subnet (ECS) was introduced. ECS (RFC 7871) is an option in the Extension Mechanisms for DNS (EDNS0) that allows a recursive DNS resolver to include the client's subnet, normally truncated to a /24 for IPv4 or a /56 for IPv6, when making a DNS query on behalf of the host or client. Because the subnet travels inside the DNS message rather than in the IP header, an authoritative server such as the GEO LoadMaster can base its answer on the client's network instead of the resolver's (or NATing firewall's) source address. For further information, refer to the Global section.
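The following is an added example and is not Kemp's code: it models which address an authoritative GEO server sees under the recursive and iterative flows described above, with and without a NATing firewall, and shows what an ECS option looks like on the wire (RFC 7871 option code 8). The topology addresses, the /24 and /56 truncation defaults and the `geo_client_source` selection rule are assumptions chosen for illustration; the LoadMaster's own internals are not shown here.

```python
"""Added example (not Kemp's code): which source address a GEO authoritative
server sees under recursive vs iterative DNS, and how EDNS Client Subnet (ECS)
carries the client's network inside the query. All addresses are constructed
RFC 5737/3849 documentation ranges."""
import ipaddress
import struct
from typing import Optional

ECS_OPTION_CODE = 8                 # EDNS0 option code for Client Subnet (RFC 7871)
FAMILY_IPV4, FAMILY_IPV6 = 1, 2     # address family values used in the option
ECS_DEFAULT_PREFIX = {4: 24, 6: 56} # truncation RFC 7871 recommends for resolvers (assumption here)

# Constructed topology, mirroring the page's diagram
CLIENT = "203.0.113.10"       # workstation
LOCAL_DNS = "192.0.2.53"      # local DNS server
ISP_RESOLVER = "198.51.100.53"  # ISP/Internet recursive resolver
FIREWALL = "192.0.2.1"        # firewall in front of the GEO server


def encode_ecs(client_ip: str, source_prefix: Optional[int] = None) -> bytes:
    """Build the ECS option (code, length, body) a recursive resolver adds to
    the OPT RR. The address is truncated to source_prefix bits and padded to
    whole bytes; bits beyond the prefix are zero as RFC 7871 requires."""
    ip = ipaddress.ip_address(client_ip)
    if source_prefix is None:
        source_prefix = ECS_DEFAULT_PREFIX[ip.version]
    family = FAMILY_IPV4 if ip.version == 4 else FAMILY_IPV6
    network = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    addr_len = (source_prefix + 7) // 8
    addr = network.network_address.packed[:addr_len]
    body = struct.pack("!HBB", family, source_prefix, 0) + addr  # scope prefix is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_ecs(option: bytes) -> dict:
    """Parse an ECS option as the authoritative side would, rejecting malformed
    ones (wrong length, or non-zero bits beyond the source prefix)."""
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or len(option) != 4 + length:
        raise ValueError("not a well-formed ECS option")
    family, source_prefix, scope_prefix = struct.unpack("!HBB", option[4:8])
    addr = option[8:]
    if family not in (FAMILY_IPV4, FAMILY_IPV6):
        raise ValueError("unknown address family")
    full_len = 4 if family == FAMILY_IPV4 else 16
    if len(addr) != (source_prefix + 7) // 8 or len(addr) > full_len:
        raise ValueError("address length does not match source prefix")
    padded = addr + b"\x00" * (full_len - len(addr))
    # strict=True raises ValueError if any bit beyond the prefix is set
    network = ipaddress.ip_network(f"{ipaddress.ip_address(padded)}/{source_prefix}", strict=True)
    return {"family": family, "source_prefix": source_prefix,
            "scope_prefix": scope_prefix, "network": network}


def geo_client_source(query_source_ip: str, ecs_option: Optional[bytes] = None) -> str:
    """Selection rule assumed for illustration: prefer the ECS subnet when the
    query carries one, otherwise fall back to the IP-layer source address."""
    if ecs_option is not None:
        return str(decode_ecs(ecs_option)["network"])
    return query_source_ip


def simulate(mode: str, use_ecs: bool = False, firewall_nat: bool = False) -> str:
    """Return the client source the GEO server sees for the page's two flows."""
    if mode == "recursive":
        source = ISP_RESOLVER   # the ISP resolver forwards the query on the client's behalf
        ecs = encode_ecs(CLIENT) if use_ecs else None
    elif mode == "iterative":
        source = CLIENT         # the client follows referrals and asks the GEO server itself
        ecs = None              # stub resolvers do not normally add ECS (assumption)
    else:
        raise ValueError(f"unknown mode {mode!r}")
    if firewall_nat:
        source = FIREWALL       # a NATing firewall rewrites the IP-layer source address
    return geo_client_source(source, ecs)


if __name__ == "__main__":
    for mode, ecs, nat in [("recursive", False, False), ("recursive", True, False),
                           ("recursive", False, True), ("recursive", True, True),
                           ("iterative", False, False), ("iterative", False, True)]:
        print(f"{mode:9} ecs={ecs!s:5} nat={nat!s:5} -> GEO sees {simulate(mode, ecs, nat)}")
```

Note that the NAT case with ECS still yields the client's /24: the subnet is carried in the DNS payload, so a NATing firewall hides the resolver's address but not the ECS data, which is exactly why the option matters for location-based scheduling.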