GEO Answer to a DNS Query A or AAAA
- Last Updated: July 17, 2024
- 4 minute read
- LoadMaster
- LoadMaster GA
- Documentation
This section provides examples of how GEO responds to various DNS requests from clients. These examples assume that DNSSEC is not enabled; see the next section for DNSSEC-related examples.
When a query runs against GEO, GEO gets the IP address of the client. The client could have a public IP or a private IP (meaning the client is in the same network as GEO).
| Range | Network type |
|---|---|
| 10.0.0.0 – 10.255.255.255 | Class A network |
| 172.16.0.0 – 172.31.255.255 | Class B networks |
| 192.168.0.0 – 192.168.255.255 | Class C networks |
The Public Requests and Private Requests drop-downs in the modify FQDN screen allows granular control of DNS responses. This provides finer control of DNS responses to configured FQDNs. Administrators may selectively respond with public or private sites based on whether the client is from a public or private IP. For example, administrators may wish to allow only private clients to be sent to private sites. For a table breaking down what site types are allowed depending on the client IP address type and the Public/Private Requests setting, refer to the Add an FQDN section.
For the examples in this section, we will assume the following settings in GEO:
Case 1: If the FQDN has a site defined in GEO, it answers with the configured site IP address.
In this case, the FQDN in the dig query below (documents.progress.com) is configured in the GEO configuration:
So, GEO responds with the configured IP address in a DNS response that looks like the example below:
Dig example
$ dig A documents.progress.com @192.168.1.154 ;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44482;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 1232;; QUESTION SECTION:;documents.progress.com. IN A ;; ANSWER SECTION:documents.progress.com. 10 IN A 192.168.10.10 ;; AUTHORITY SECTION:documents.progress.com. 10 IN NS geo.progress.com. ;; Query time: 2 msec;; SERVER: 192.168.1.154#53(192.168.1.154);; WHEN: Fri May 24 08:31:40 IST 2024;; MSG SIZE rcvd: 113 nslookup example
nslookup -q=a documents.progress.com 192.168.1.154Server: UnKnownAddress: 192.168.1.154Name: documents.progress.comAddress: 192.168.10.10 Case 2: GEO is aware of the FQDN but no endpoint is available.
The answer from GEO will be NOERROR and will follow the general format shown below. The content of the authority section depends on whether the FQDN is defined on GEO:
- If the FQDN is defined on GEO, this section contains the SOA (Start of Authority) record from GEO's configuration.
- If the FQDN is defined in another zone that GEO knows about but is defined on another DNS server, the authority section in the response includes the SOA information GEO obtained from the authoritative DNS server for the domain.
The following is how an FQDN that was created but no IP address was assigned looks in the GEO UI:
The example below shows what GEO response to a query for the above FQDN would look like.
Dig example
$ dig A documents.progress.com @192.168.1.154;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39220;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 1232;; QUESTION SECTION:;documents.progress.com. IN A ;; AUTHORITY SECTION:documents.progress.com. 10 IN SOA SOA progress.com. admin\@progress.com. 149 86400 7200 2419200 10 ;; Query time: 1 msec;; SERVER: 192.168.1.154#53(192.168.1.154);; WHEN: Fri May 24 08:36:07 IST 2024;; MSG SIZE rcvd: 133 nslookup example
nslookup -q=a documents.progress.com 192.168.1.154Server: UnKnownAddress: 192.168.1.154Name: documents.progress.com Case 3: The FQDN does not exist
In this case, the FQDN does not exist in the GEO configuration, nor in the configuration of any DNS server with which GEO is communicating.
The response is REFUSED and will look like the example below.
Dig example
$ dig A nondocuments.progress.com @192.168.1.154 ;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21740;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 1232;; QUESTION SECTION:;nondocuments.progress.com. IN A ;; Query time: 1 msec;; SERVER: 192.168.1.154#53(192.168.1.154);; WHEN: Fri May 24 08:38:33 IST 2024;; MSG SIZE rcvd: 82 nslookup example
nslookup -q=a nondocuments.progress.com 192.168.1.154Server: UnKnownAddress: 192.168.1.154*** UnKnown can't find nondocuments.progress.com: Query refused