DNS Health Monitor

Overview

This article covers the specific configuration for DNS health monitor type. Refer Overview of Health Monitors article for general monitor information, implementation, and other monitor types.

The DNS health monitor validates the health of DNS servers by sending a UDP DNS request and comparing the response IP address.

Creating a DNS Health Monitor

  1. From the NSX Advanced Load Balancer UI, navigate to Templates > Profiles > Health Monitors.

  2. Click on Create to open the CREATE HEALTH MONITOR screen.

  3. Under the General tab, enter the basic information about the health monitor. Note: Select DNS to view the DNS settings.

  4. Configure the DNS.settings.

  5. Configure Role-Based Access Control (RBAC).

  6. Click Save to complete the DNS Health Monitor creation.

Configuring General Settings

Under the General tab of the CREATE HEALTH MONITOR screen, configure the following:

  1. Enter a unique Name for the monitor.

  2. Enter a Description.

  3. Select DNS as the Type of Health Monitor.
    Note: Once the Type of Monitor is selected, options specific to the health monitor type are displayed.

  4. Select the option Is Federated? to replicate the object across the federation. When this option is not selected, the object is visible within the Controller-cluster and its associated SEs.This option is enabled only when GSLB is activated. A federated health monitor is used for GSLB purposes while it is not applicable for a regular health-monitor. A GSLB service cannot be associated with a regular health monitor, because GSLB service is a federated object, while the health monitor is not. Conversely, a pool cannot be associated with a federated health monitor because the pool is not a federated object.

  5. Enter the Send Interval value (in seconds). This value determines how frequently the health monitor initiates an active check of a server. The frequency range is 1 to 3600.

  6. Enter the Receive Timeout value (in seconds). The server must return a valid response to the health monitor within the specified time limit. The receive timeout range is 1 to 2400 or the send interval value minus 1 second.
    Note: If the status of a server continually flips between up and down, this may indicate that the receive timeout is too aggressive for the server.

  7. Enter Successful Checks. This is the number of consecutive health checks that must succeed before NSX Advanced Load Balancer marks a down server as up. The minimum is 1, and the maximum is 50.

  8. Enter Failed Checks. This is the number of consecutive health checks that on failing, NSX Advanced Load Balancer marks a server as down. The minimum is 1, and the maximum is 50.
    DNS HM

Configuring HTTPS Settings

Under the DNS tab, configure the following:

  1. Enter a fully qualified resource record to be checked, such as, www.avinetworks.com as the Request Name.

  2. Under the Response section configure the following:

    1. Select a response match for the custom response to be sent for a DNS query.
      • Any Type: Any DNS answer from the server will be successful, even an empty answer.
      • Anything: The DNS response must contain at least one non-empty answer.
      • Query Type: The response must have at least one answer of which the resource record type matches the query type.
    2. Select the type of DNS response code:
      • Anything: The DNS server’s response code, and any potential errors are ignored and will not result in a health check failure.
      • No Error - An error in the DNS response results in a health check failure.
    3. As the Response String enter the IP address which the response must contain to be considered successful.

    4. Select the Record Type:
      • A: A record that holds only IPv4 addresses
      • Aaaa: A record that holds IPv6 addresses

    DNS HM

    Configuring RBAC

    Under the Role-Based Access Control (RBAC) section, configure labels to control access to the health monitor based on the defined roles

  3. Click Add.
  4. Enter the Key and the corresponding values.

See granular-rbac for more information.