DEPLOYMENT GUIDE

Enabling and Configuring

DNS Traffic Control in NIOS 8.x
 TABLE OF CONTENTS
Introduction ......................................................................................................................................... 3
Prerequisites ....................................................................................................................................... 3
Limitations ........................................................................................................................................... 3
DTC Query Workflow .......................................................................................................................... 4
Best Practices ..................................................................................................................................... 5
NIOS DTC Objects ............................................................................................................................... 5
DTC Servers ...................................................................................................................................... 5
DTC Pools .......................................................................................................................................... 5
DTC Load Balanced Domain Name (LBDN)...................................................................................... 6
Load Balancing Methods.................................................................................................................... 6
All Available ........................................................................................................................................ 7
Global Availability ............................................................................................................................... 7
Round Robin ...................................................................................................................................... 7
Ratio:Fixed ......................................................................................................................................... 7
Ratio:Dynamic .................................................................................................................................... 8
Topology ............................................................................................................................................ 8
DTC Health Monitors.......................................................................................................................... 9
DTC Use Cases .................................................................................................................................. 10
Load Balancing Internet applications ............................................................................................... 10
Load Balancing Internal/Intranet Applications ................................................................................. 10
The Disaster Recovery Use case .................................................................................................... 11
Deploying DTC .................................................................................................................................. 11
Setup Details .................................................................................................................................... 11
Assign Extensible Attributes to IPAM networks ............................................................................... 12
Configure DTC Servers .................................................................................................................... 16
Configure Server ruleset for DTC Pools .......................................................................................... 18
Configure DTC Pools ....................................................................................................................... 29
Configure Pool Topology Ruleset for LBDN .................................................................................... 42
Configure LBDN ............................................................................................................................... 47
DTC LBDN Visualization ................................................................................................................... 51
Test DTC LBDN ................................................................................................................................. 53
CSV Import/Export Support ............................................................................................................. 55
DTC Backup/Restore Support ...................................................................................................... 57
WAPI support .................................................................................................................................... 57
Conclusion ......................................................................................................................................... 58
Additional Information ...................................................................................................................... 58

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 2
 Introduction
DNS Traffic control (DTC) load balances user’s application traffic based on the Client’s location, the
server’s location and the server’s availability. Through DNS Traffic Control, IT administrators can set up
multiple sites and direct clients to the best available servers. DTC monitors application availability using
various types of health checks to make sure the Clients are sent to servers that are available.

Prerequisites
The following are prerequisites for Infoblox DNS Traffic Control:
• Functional Infoblox Grid with a Grid Master. Several features described in this paper were
introduced in 8.3 including DTC Health Check Support for Multi-Tier Architecture, CSV
Import/Export support, Dynamic Load Balancing Based on SNMP and RTD, and support for
SRV records.
• Active Grid with DNS license.
• DNS Traffic Control license.
• At least one NIOS appliance acting as an authoritative DNS Server (Primary).

Limitations
Following general limitations apply:
• Active Grid with DNS license.
• GSLB results are returned only if the query resolves to an authoritative zone to which an LBDN
is explicitly linked.
• DNS Traffic Control querying process is not supported for recursive queries.
• No authentication support in HTTP or HTTP/S monitor.
• No Automatic MaxMind updates. A single MaxMind DB per grid and only gets updated when a
new version is manually uploaded. Please note- this does not need to be updated very often.
• The SIP monitor does not support SCTP transport.
• DNS Traffic Control license cannot be installed on the Infoblox 4030 appliance as it is intended
as a caching only appliance.
• Infoblox does not support running DNS Traffic Control on the TE-810 and TE-820 appliances.
• DTC health monitoring does not monitor dual stack servers (supporting IPv4 and IPv6
interfaces) if the Infoblox appliance health monitoring interface does not also have IPv4 and
IPv6 IP stacks.
• The DNS Traffic Control does not support the Global application of an LBDN pattern against all
queries. The appliance returns a result only if the query resolves to an authoritative zone to
which an DNS Traffic Control LBDN is explicitly linked.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 3
 DTC Query Workflow

DNS request

Client Infoblox Grid

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 4
 1. A client sends a DNS request to a NIOS Grid Member where the DNS server processes it.
2. If the final query name belongs to a zone for which the server is authoritative and matches an
LBDN linked to that zone, then DTC handles the response. Otherwise normal DNS processing
occurs.
3. If the cache contains a previous answer to the same request for the same client and that server
is still available, it is selected. Otherwise, based on current availability and configured topology
rules, the GSLB algorithm selects first a Pool and then a specific server from that Pool
(configuration dependent).
4. A DNS record is synthesized from the address of the selected server and returned to the client.

Best Practices
To get the most from Infoblox DTC, Infoblox recommends the following best practices:
• A new DTC configuration should always be tested using the built-in LBDN test tool.
• For web application servers, HTTP and HTTP/S health monitors should be used to verify
application level availability i.e. test for a specific string being returned rather than simply port
80 availability.
• Always view the traffic management structures through the built in hierarchical map view that
can be used to quickly view the overall traffic management structure of a selected DNS Traffic
Control Object.
• Use a naming convention for LBDN’s, and their associated Pools, Servers, and Topology rules.
These naming conventions can be used for filtering within the GUI table views (they can be
saved) and to identify a Server vs. Pool Topology rule.

NIOS DTC Objects

Before implementing DTC on a NIOS appliance, an administrator must understand different objects
related to the DTC feature in NIOS. The following are the NIOS DTC objects.

DTC Servers
DTC Servers are objects that are associated with synthesized A, AAAA, NAPTR, CNAME and/or SRV
records. The IP addresses of these Servers are sent back in DNS query-responses from DTC. The
Servers can be actual physical servers, or local Server Load Balancer VIPs, or really anything with an
IP address. Servers may be used by multiple Pools and topology rules.
The Servers can also be disabled affecting all Pools using them. A Server may not be disabled if it is
the last, non-disabled Server in any Pool that is used by an LBDN. The Servers that do not belong to
any Pool or only belong to Pools that aren’t used by an LBDN may be disabled. Servers cannot be
deleted while in use and must first be removed from every Pool and topology rule using them.

DTC Pools
DTC Pools contain one or more Servers. All the Servers in a Pool are typically in the same
geographical location, but that is not a requirement. Clients are directed to a Pool using the selected
Load Balancing Method. Pools may be used by multiple LBDNs.
Pools can be disabled, and this affects all LBDNs using them. A Pool cannot be disabled if it is the last
non-disabled Pool for any LBDN using it. A Pool cannot be deleted while in use. A Pool must be
removed from every LBDN using it before it can be deleted. Pools in use must contain at least one
enabled Server.
The primary and alternate load-balancing methods of a Pool may not be the same, though load
balancing method TOPOLOGY can be used as primary and alternate with different rulesets. Pools can
be configured without health monitors.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 5
 DTC Load Balanced Domain Name (LBDN)
A DTC LBDN is a DTC object that is used by DNS Traffic Control to process DNS queries for load-
balanced resources. Multiple LBDNs can be defined on the NIOS appliance and multiple patterns can
be defined per LBDN. Permissions and extensible attributes can be configured for the LBDNs for
administrative purposes.
Multiple Pools and a single load balancing method for Pools can be assigned to an LBDN. For example,
two LBDNs can co-exist such as www.xyzcorp.com and ftp.xyzcorp.com and can have their own Pools
and load balancing methods. So when a DNS query is received by NIOS for www.xyzcorp.com or
ftp.xyzcorp.com, the load balancing method for the corresponding LBDN is checked and a response is
formulated based on their respective rule sets. The load balancing method for the Pool is again
checked and the query is then directed to the appropriate Server based on the assigned ruleset.
The image below depicts the hierarchy of the objects.

Load Balancing Methods

Based on the load balancing method defined for an LBDN, the DNS Traffic Control selects an
available pool. Based on the method selected for a pool, it selects an available server. You can define
the following Load Balancing methods:
Load Balancing Method LBDN Pool
All Available - +
Global Availability + +
Round Robin + +
Ratio: Fixed + +
Ratio: Dynamic (Round Trip Delay) - +
Ratio: Dynamic (SNMP) - +
Topology + +

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 6
 All Available
The All Available Load Balancing method responds to the query with all the available servers in the
DTC pool for the appropriate record type. The responses are returned in the same order in which the
servers are listed in the DTC pool, eliminating the unavailable servers. Availability is based on Health
Monitor(s) used. The system considers only the order of the servers in the DTC pool and ignores the
weight of available servers.
Order Weight Server Availability
1 n/a 1.1.1.1 up
2 n/a 2::2 up
3 n/a 3.3.3.3 down
4 n/a 4::4 down
5 n/a 5.5.5.5 up
With the Pool configuration shown in table above, queries for A records would result in a response of
both 1.1.1.1 and 5.5.5.5, and queries for AAAA records would result in 2::2.

Global Availability
The Global Availability Load Balancing method always returns the first available Server that is in the list
of Servers (obviously order is important). Availability is based on Health Monitor(s) used. It is an
excellent load balancing method for DR. There is no weight configuration as part of this load balancing
method. An example is shown in table below:
Order Weight Server Availability
1 n/a 1.1.1.1 down
2 n/a 2::2 up
3 n/a 3.3.3.3 up
4 n/a 4::4 down

With the Pool configuration shown in table above, queries for A records would result in a response of
3.3.3.3 and queries for AAAA records being returned 2::2.

Round Robin
In Round Robin method, the appliance returns servers sequentially and cyclically
Consider the following example where a Pool has three servers listed below:
• 10.10.1.1
• 10.10.2.2
• 10.10.3.3
Responses to DNS queries will be sequential in the following order,
10.10.1.1, 10.10.2.2, 10.10.3.3, 10.10.1.1, 10.10.2.2, 10.10.3.3……..

Ratio:Fixed
For the Ratio:Fixed method, the results' distribution over time matches their weights but there is no
expectation for sequential results. Responses are randomized, with each available option assigned a
probability equal to its weight divided by the total weight of all available options. An example is shown in
table below:
Order Weight Server Availability
1 1 1.1.1.1 down
2 2 2::2 up
3 2 3.3.3.3 up
4 2 4::4 up
5 1 5.5.5.5 up

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 7
 With this Pool configuration and state, un-cached queries for A address is going to return 66% 3.3.3.3
and 33% 5.5.5.5 while un-cached queries for AAAA will return 50% 2::2 and 50% 4::4. Responses are
going to exhibit no particular order.

Ratio:Dynamic
Using the Ratio: Dynamic method, the appliance weights the DTC servers dynamically based on round
trip delay or SNMP health monitor data. You can use one of the following options:
• Round trip delay: Based on the round-trip delay from the DTC member that received a client’s
DNS request, the system sends clients to the server with the minimal latency time, i.e. the
closest one. You need a pre-configured health monitor for this load balancing method. An
example is shown in the table below:
Server Latency (ms)
A 25
C 18
D 50
With this configuration, 100% of the traffic is distributed to Server C.
• SNMP: Based on data from the SNMP monitor associated to the server, for example, CPU or
memory utilization, the system sends clients to the server with the lowest load. For this load
balancing method, you need a pre-configured SNMP health monitor with a required metric to
be tracked. The metric is set through an object identifier (OID) in the monitor properties. This
method supports only OIDs for which the server can return an integer value.
The value of the monitored metric defines how the traffic is directed. By default, the servers
with the highest metric values receive the client requests. There may be cases when your
selected metric reflects server availability in the opposite way, that is, the lowest metric values
indicate available servers. For such cases, you can invert the value of the OID, that is, of the
monitored metric, and have the traffic directed to the lowest-rated servers.
You can select to weight servers by either priority or ratio. In case of priority, traffic is directed
towards the servers that report the best metric values, other servers being bypassed. In case of
ratio, traffic is distributed across all servers based on the values of the monitored metric for
each of them. If a health check for a server is failed, the server is excluded from the load
balancing.
An example is shown in the table below:
Server CPU utilization (%)
A 90
C 50
D 10
With normal dynamic weights, 60% of the traffic is distributed to Server A, 33% to Server C, and 7% to
Server D.
This means that the most loaded server will receive most requests than the less loaded one. For this
case, the metric should be inverted to reflect server availability appropriately, resulting in 8% of the
traffic being distributed to Server A, 15% to Server C, and 77% to Server D.

Topology
Topology Rules are configured globally and can be reused. Topology rules map a source IP to a
destination Pool or Server. There are three types of Topology Rules:
1. Subnet – most often used with internal authoritative DNS
2. Geography- uses the MaxMind database to identify the location of the Client IP, typically used
with external authoritative DNS as the MaxMind database contains public IP addresses.
3. Extensible Attribute- uses the Extensible Attributes (EAs) associated with the Client IP’s subnet
to identify the location of the Client IP.
When GSLB processing evaluates a Topology Ruleset, it logically walks the list of Topology Rules in

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 8
 order and uses the first match with an available destination. Topology Rulesets can contain any
combination of Subnet, Geography and Extensible Attribute Rules.
A Subnet Rule matches if the subnet contains the client IP.
To use Extensible Attribute Rules, the Admin specifies up to 4 Extensible Attributes to use for matching.
The EAs selected are presumed to have a hierarchy based on geography, for example
Continent/Country/Subdivision/City, though it is not enforced. A client IP matches an Extensible-
Attribute Rule if the Extensible Attributes of the Client subnet match the values specified in the
Extensible Attribute Rule.
A client IP matches a Geography rule if the MaxMind values selected matches the location of the Client
IP.
As an example, assume that the following set of custom topology rules is configured and linked to an
LBDN:
Rule Source Conditions Destination
1 CONTINENT IS "North America" Pool Non_US_Pool
COUNTRY IS_NOT "United States"
2 COUNTRY IS "United States" Pool US_Pool
3 CONTINENT IS "North America" Pool NA_Pool
4 SUBNET IS_NOT 173.194.33.0/24 Pool DEFAULT_Pool
• A rule matches only if all source conditions match, so the US won't match rule #1 despite
being in North America.
• Rules are matched in order, so rule #3 will never be used.
• Subnet rules ignore the GeoIP database, so any other traffic that isn't from the
173.194.33.0/24 network will be directed to the default Pool.
If no rules are matched, then either the alternate LB method is used, if any, or a response is based on
content from DNS that is not an LBDN. NXDOMAIN is one possible response.

DTC Health Monitors

Health monitors determine the availability of DTC Servers and help route application traffic to the best
available Servers. Health monitors are associated with Pools and not Servers. Every health monitor
checks each Server that is associated with the Pool. NIOS supports pre-defined monitors (HTTP, ICMP,
PDP, SIP, SNMP, and TCP) and new custom health monitors can be created.
NIOS 8.2 onwards, Multi-tier health check is supported. You can choose if you want to monitor at a pool
level or the server level, or both. For example, at the pool level you may choose ICMP as your monitor
to ensure that the server is up. Additionally, you can add another monitor at the server level to check
the health of the link on the server by polling an external domain. This tests the health of one or more
arbitrary servers to determine the availability of the application on the DTC server.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 9
 DTC Use Cases
The following two use cases are the most common:
a. Load balancing Internet applications
b. Load balancing internal/Intranet applications
c. Disaster Recovery

Load Balancing Internet applications

In this use case, we use the built-in MaxMind database support, which contains information about which
IP address blocks belong to which Geographical area of the world. The built-in Maxmind Database
support is used to identify a query source IP address at the Continent, Country, City and Subdivision
levels. Geography Rules use the Maxmind database to identify the location of the source of the DNS
query, and select the appropriate Pool. Pools also use Geography Rules to further direct the DNS query
to appropriate DTC Servers.
For example, an Admin can configure an LBDN to use a Geography Ruleset, which directs DNS
queries to either a Europe Pool or a North America Pool. The Maxmind database will be used in
determining the origin of the DNS query. If the DNS query originates from within Europe, it is directed to
Europe Pool. For all queries originated from North America, the destination Pool is going to be North-
America Pool.
Both the Europe and North America Pools can be configured to further direct queries to the appropriate
Server based on the Client’s location. For example, if the query originated from the UK, the DTC
configuration can direct it to the UK Datacenter Server and if it originated from any European country
other than UK it is directed to the Paris Datacenter server. It boils down to what a user wants to achieve
in terms of load balancing an application.

Load Balancing Internal/Intranet Applications

Traffic can be load balanced using DTC based on the querying client’s subnet or the Extensible
Attributes of the client’s subnet.
A simple example of this use case is two subnet rules as follows:

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 10
 • Subnet Rule-1. If the DNS query originates from subnet1, it is directed to Pool1. Then Pool1
directs DNS queries to appropriate DTC servers based on load balancing method configured
(Ratio, Round Robin or Global Availability)
• Subnet Rule-2. If the dns query originates from subnet2, it is directed to Pool2. Then Pool2
directs DNS queries to appropriate DTC servers based on load balancing method configured
(Ratio, Round Robin or Global Availability)
The Extensible Attribute use case example is provided as a step by step procedure under section
“Deploying DTC”.
You can even utilize DNS resolution to provide traffic segregation of Microsoft Active Directory (AD)
authentication for non-site-aware clients. DTC can be used as a solution by providing site specific
Service Record (SRV) responses based on device location, whether on-premises or in the public cloud.

The Disaster Recovery Use case

This use case is based on availability to provide continuity of service for applications. For example, if
Servers at a Primary Datacenter are unavailable, the application traffic can be directed to Servers at a
Backup Datacenter. The load balancing method configured in this use case is Global Availability. The
idea is to have all traffic go to the Primary Datacenter as long as it is available. If the Primary
Datacenter ever goes down, then all traffic will be directed to the Backup Datacenter. When the
Primary Datacenter comes back online, all traffic will again be directed to the Primary Datacenter.
It is possible to combine topology and availability rules for services.

Deploying DTC
We are going to use “Load balancing DNS resources for the internal enterprise network” as an
example.
The following steps are required to bring up this DTC use case:
• Assign Extensible Attributes to the networks from where the DNS queries originate
• Configure DTC Servers
• Configure Server Topology Rulesets for DTC Pools
• Configure DTC Pools
• Configure Pool Topology Ruleset for LBDN
• Configure LBDN

Setup Details
In this use case, there are five Data Center Servers, part of three Pools, that are configured for one
LBDN.
DTC Server Location DTC Pool LBDN FQDN
dtc-vm-apac-1 Singapore
APAC-Pool
dtc-vm-apac-2 Bangalore
dtc-vm-emea-1 London LBDN-demo-dg.com www.demo-dg.com
EMEA-Pool
dtc-vm-emea-2 Paris
dtc-vm-americas Chicago Americas-Pool
The topology is built using Extensible Attributes that are already in use or can be configured for building
an internal MaxMind style Geo-IP database.
The extensible attributes used in this use-case are:
Extensible Attribute Possible values
Corp_Region APAC/EMEA/NAM
Corp_Country Singapore/India/UK/France/USA
Corp_City Singapore/Bangalore/London/Paris/Chicago
Corp_Building HQ/BO

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 11
 Assign Extensible Attributes to IPAM networks
In an enterprise environment with internal IP ranges (without a GeoIP database), EAs can be used to
build a manual internal GeoIP database by mapping EAs to networks in IPAM.
In our example we are using networks,
• 192.168.3.0/24
• 192.168.4.0/24
• 192.168.5.0/24
• 192.168.6.0/24
• 192.168.7.0/24
To update the IPAM networks with the EAs:
1. Click Data Management → IPAM and navigate to networks 192.168.3.0/24.

2. Click Gear next to 192.168.3.0/24 network.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 12
 3. Select Extensible Attributes as shown above.

4. Click +.
5. Select Corp-Region under Attribute Name column and select APAC from drop-down list in
Value column.
6. Click +.
7. Select Corp-Country under Attribute Name column and select Singapore from drop-down list in
Value Column.
8. Click +.
9. Select Corp-City under Attribute Name column and select Singapore from drop-down list in
Value column.
10. Click +.
11. Select Corp-Building under Attribute Name column and select HQ from drop-down list in Value
column.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 13
 12. Click Save & Close.

13. Repeat steps 2 to 11 for the following networks:

̶ 192.168.4.0/24
- Corp-Region (APAC)
- Corp-Country (India)
- Corp-City (Bangalore)
- Corp-Building (BO)
̶ 192.168.5.0/24
- Corp-Region (EMEA)
- Corp-Country (UK)
- Corp-City (London)
- Corp-Building (BO)
̶ 192.168.6.0/24
- Corp-Region (EMEA)
- Corp-Country (France)
- Corp-City (Paris)
- Corp-Building (BO)
̶ 192.168.7.0/24
- Corp-Region (NAM)
- Corp-Country (USA)
- Corp-City (Chicago)
- Corp-Building (BO)

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 14
 14. Once all networks are assigned EAs, the IPAM screen must look like the screenshot below.

15. Click Grid DNS Properties from Toolbar under Data Management→DNS.

16. Click Traffic Control.

17. Click External Attributes 1 drop down menu and select Corp-Region.
18. Click + to add External Attribute 2.
19. Select Corp-Country.
20. Click + to add External Attribute 3.
21. Select Corp-City.
22. Click + to add External Attribute 4.
23. Select Corp-Building.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 15
 24. Click Save & Close.
25. Click Rebuild.

Configure DTC Servers

In our example we are going to add five DTC Servers with the following names and IP addresses.
DTC Server IP address Datacenter
dtc-vm-apac-1 172.26.1.68 Singapore
dtc-vm-apac-2 172.26.1.54 Bangalore
dtc-vm-emea-1 172.26.1.53 London
dtc-vm-emea-2 172.26.1.51 Paris
dtc-vm-americas 172.26.1.55 Chicago
The steps below are going to add vm-apac-1 DTC server directly through IPAM assuming that there is a
DNS record entry for the DTC server in IPAM. If none, then user must create a DNS record entry, such
as an A record. Note: there are other ways to add DTC servers such as using the Toolbar. From NIOS
8.0, functionality has been added to directly create DTC servers from discovered data using IPAM.
Once the Extensible Attributes (EAs) and the DNS records for the DTC servers have been configured,
the user can then add the remaining three servers by repeating these steps:
1. Go to Data Management → IPAM
2. Navigate to network IP Map of 172.26.1.0/24 from where dtc-vm-apac-1 server is to be
created.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 16
 3. Click on 172.26.1.68.

4. Scroll down all the way to Related Objects section under IP Map, and Click on Gear next to
vm-apac-1.dtc-demo.com (A record) and select Create DTC Server.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 17
 5. Type dtc-vm-apac-1 in the Name field.
6. Click Save & Close.

Repeat steps 2 to 4 to add remaining four DTC servers.

Configure Server ruleset for DTC Pools

In our example we are going to configure three Server Topology Rulesets, one for Asia Pacific Pool,
one for the Europe Pool and one for the North-America Pool. The Topology Rulesets are named APAC-
Ruleset, EMEA-Ruleset and NAM-Ruleset, respectively.
The topology rulesets are Extensible Attribute rulesets introduced in NIOS release 8.0.

Ruleset Rules Destination Server

The source DNS query is from Asia and more dtc-vm-apac-1
specifically from Singapore HeadQuarters
APAC-Ruleset
The source DNS query is from Asia and more dtc-vm-apac-2
specifically from Branch Office in Bangalore
The source DNS query is from Europe and more dtc-vm-emea-1
specifically from Branch Office in London
EMEA-Ruleset The source DNS query is from Europe and more dtc-vm-emea-2
specifically from Branch Office in Paris
HeadQuarters
The source DNS query is from North America and dtc-vm-americas
NAM-Ruleset
specifically from Branch Office in Chicago
To configure the Topology Rulesets for DTC Pools, follow the steps below:
1. Go to Data Management → DNS → Traffic Control.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 18
 2. Click Manage Topology Rulesets from Toolbar.

3. In Topology Manager, click + to open Ruleset window.

4. Type APAC-Ruleset in Name field.

5. Select Server as Destination Type.

6. Click + in Rules section and select Extensible Attribute Rule.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 19
 7. Select APAC for Corp-Region.
8. Select Singapore for Corp-Country.
9. Select Singapore for Corp-City.
10. Select HQ for Corp-Building.
11. Select server dtc-vm-apac-1 for Destination.
12. Click Add.

13. Click + in Rules section and select Extensible Attribute Rule.

14. Select APAC for Corp-Region.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 20
 15. Select India for Corp-Country.
16. Select Bangalore for Corp-City.
17. Select BO for Corp-Building.
18. Select server dtc-vm-apac-2 for Destination.
19. Click Add.

20. Click Save & Close.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 21
 21. In Topology Manager Click + to open Ruleset window.
22. Type EMEA-Ruleset in Name field.
23. Select Server as Destination Type.
24. Click + in Rules section and select Extensible Attribute Rule.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 22
 25. Select EMEA for Corp-Region.
26. Select UK for Corp-Country.
27. Select London for Corp-City.
28. Select BranchOffice for Corp-Building.
29. Select server dtc-vm-emea-1 for Destination.
30. Click Add.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 23
 31. Click + in Rules section and select Extensible Attribute Rule.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 24
 32. Select EMEA for Corp-Region.
33. Select France for Corp-Country.
34. Select Paris for Corp-City.
35. Select BranchOffice for Corp-Building.
36. Select server dtc-vm-emea-2 for Destination.
37. Click Add.

38. Click Save & Close.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 25
 39. In Topology Manager Click + to open Ruleset window.
40. Type NAM-Ruleset in Name field.
41. Select Server as Destination Type.
42. Click + in Rules section and select Extensible Attribute Rule.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 26
 43. Select NAM for Corp-Region.
44. Select USA for Corp-Country.
45. Select Chicago for Corp-City.
46. Select BO for Corp-Building.
47. Select server dtc-vm-americas for Destination.
48. Click Add.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 27
 49. Click Save & Close.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 28
 Configure DTC Pools
In our example, we are going to configure three DTC Pools with the following servers and Topology
Load Balancing methods.
DTC Pool Ruleset for Topology Load balancing Member Servers
dtc-vm-apac-1
APAC-Pool APAC-Ruleset
dtc-vm-apac-2
dtc-vm-emea-1
EMEA-Pool EMEA-Ruleset
dtc-vm-emea-2
Americas-Pool NAM-Ruleset dtc-vm-americas
From the NIOS 8.0 release, Default Visualization can be used to configure these DTC objects and in
the following section user can learn how to use them.
To configure DTC Pools:
1. Go to Data Management → DNS → Traffic Control.
2. From Toolbar, Click Add.
3. Select Default Visualization.

4. Click on POOL_TEMPNAME_xxxxx (where xxxxx is some randomly generated number).

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 29
 5. Click on Add Existing Server.

6. Select Servers dtc-vm-apac-1 and dtc-vm-apac-2 from DTC Server Selector.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 30
 7. Select SERVER_TEMPNAME_xxxxx from Pool Members.
8. Click Delete.

9. Click General tab and type APAC-Pool in Name field.

10. Click Health Monitors tab.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 31
 a. select ICMP and HTTP health monitors to move them under Active column.

11. Note that with NIOS 8.3, in the Advanced tab, you can select which member will run the
monitor.

12. Click Load Balancing tab.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 32
 13. Select Topology under Preferred.

14. Select APAC-Ruleset under Topology Ruleset.

15. Click Save & Close.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 33
 16. Click on the gear icon next to APAC-Pool, and select Enable

Repeat above steps to add EMEA-Pool as follows:

1. From Toolbar, click +Add.
2. Select Default Visualization.

3. Click on POOL_TEMPNAME_xxxxx (where xxxxx is some randomly generated number)

4. Click on Add Existing Server.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 34
 5. Select Servers dtc-vm-emea-1 and dtc-vm-emea-2 from DTC Server Selector.
6. Select SERVER_TEMPNAME_xxxxx from Pool Members.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 35
 7. Click Delete.

8. Click General Tab and type EMEA-Pool in Name field.

9. Click Health Monitors tab.

a. select ICMP and HTTP health monitors to move them under Active column.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 36
 10. Click Load Balancing tab.
11. Select Topology under Preferred.
12. Select EMEA-Ruleset under Topology Ruleset.
13. Click Save & Close.

14. Click on the gear icon next to the EMEA-Pool, and click on Enable

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 37
 Repeat above steps to add Americas-Pool as follows:
1. From Toolbar, click +Add.
2. Select Default Visualization.

3. Click on POOL_TEMPNAME_xxxxx (where xxxxx is some randomly generated number)

4. Click on Add Existing Server.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 38
 5. Select Servers dtc-americas from DTC Server Selector.
6. Select SERVER_TEMPNAME_xxxxx from Pool Members.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 39
 7. Click Delete.

8. Click General Tab and type Americas-Pool in Name field.

9. Click Health Monitors tab.

a. select ICMP and HTTP health monitors to move them under Active column.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 40
 10. Click Load Balancing tab.
11. Select Topology under Preferred.
12. Select EMEA-Ruleset under Topology Ruleset.
13. Click Save & Close.

14. Click on the gear icon next to the Americas-Pool, and click on Enable

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 41
 Configure Pool Topology Ruleset for LBDN
In our example we are going to configure a ruleset for the LBDN named LBDN-demo-dg.com with
destination as Pool.
The ruleset is going to have three rules as follows:
Ruleset Rules Destination Server
The source DNS query is from Asia Pacific region APAC-Pool
LBDN-demo-dg-Ruleset The source DNS query is from Europe region EMEA-Pool
The source DNS query is from North America region Americas-Pool
To configure the Topology ruleset for LBDN follow the steps below:
1. Go to Data Management → DNS → Traffic Control.
2. From Toolbar, Click Manage Topology Rulesets.

3. In Topology Manager, click + to open Ruleset window.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 42
 4. Type LBDN-demo-dg-ruleset in Name field.
5. Select Pool as Destination Type.
6. Click + in Rules section and select Extensible Attribute Rule.

7. Select APAC for Corp-Region.

8. Select Any for Corp-Country.
9. Select Any for Corp-City.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 43
 10. Select Any for Corp-Building.
11. Select pool APAC-Pool for Destination.
12. Click Add

13. Click + in Rules section and select Extensible Attribute Rule.

14. Select EMEA for Corp-Region.
15. Select Any for Corp-Country.
16. Select Any for Corp-City.
17. Select Any for Corp-Building.

18. Select pool EMEA-Pool for Destination.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 44
 19. Click Add.

20. Click + in Rules section and select Extensible Attribute Rule.

21. Select NAM for Corp-Region.

22. Select Any for Corp-Country.
23. Select Any for Corp-City.
24. Select Any for Corp-Building.
25. Select pool Americas-Pool for Destination.
26. Click Add.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 45
 27. Click Save & Close.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 46
 Configure LBDN
In our example we are going to create a Load balanced domain name LBDN-demo-dg.com using
Default Visualization.
DTC LBDN Pattern Authoritative Ruleset for Member
zone Topology Pools
Load
balancing
LBDN- APAC-Pool
LBDN-demo-dg.com *.demo-dg.com demo-dg.com demo-dg- EMEA-Pool
ruleset Americas-Pool

To configure LBDN:
1. Go to Data Management → DNS → Traffic Control.
2. Click gear icon next to a LBDN_TEMPNAME_xxxxx (where xxxxx is a random number).
a. Select Expand Visualization.

3. Move cursor over LBDN_TEMPNAME_xxxxx.

a. Select Edit.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 47
 4. In General Tab, Type LBDN-demo-dg.com in Display Name field.
5. Click +.
6. Type *.demo-dg.com in row under Patterns table.
7. Select Topology as Load Balancing Method.
8. Select LBDN-demo-dg-ruleset as Topology Ruleset.
Note that with NIOS 8.3, state persistence was introduced. When you enable persistence for an LBDN,
the appliance stores the results for specific LBDN responses in the DNS Traffic Control cache. When a
request originates from the respective FQDN or an IP address within the specified period, the DNS
server directs the request to the same server.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 48
 9. In Associated Zones and Records Tab, click +.
10. Select demo-dg.com zone from the list.

11. In Pools Tab, click +.

12. Select APAC-Pool and repeat step 11 for EMEA-Pool and Americas-Pool.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 49
 13. Click Save & Close.

14. Move cursor over LBDN-demo-dg.com in Visualization.

15. Click Enable.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 50
 16. Click Yes.
17. Close Visualization display.
18. Click Restart.

DTC LBDN Visualization

As complicated DTC configurations can be created, the GUI provides a graphical view where an
administrator can visualize the hierarchy of DTC objects along with the configuration status.
In our example, we are going to see the Traffic Management structure of our configured DTC LBDN
named LBDN-demo-dg.com by clicking on the gear icon next to the DTC LBDN and selecting Expand
Visualization.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 51
 This takes us to a page with graphical representation of the selected DTC LBDN. The working
configuration is displayed with all checkmarks in Green.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 52
 The Legend shows colors that provide the status of the DTC LBDN, for example Green means
everything is running.
The traffic management structure is an inverted tree representation with its root at DTC LBDN. In our
example, the root is branching out to three DTC Pools named APAC-Pool, EMEA-Pool and Americas-
Pool, which are further, branched out to their respective DTC Server members. We can click on any of
the DTC objects to view the next DTC objects under it. The NIOS DTC visualization tool is not just a
read-only tool a user can add, delete and modify DTC config with a click of a button.
Note: You may need to wait about 3 minutes after a service restart for the all items on the visualization
to be displayed as a green status.

Test DTC LBDN

Infoblox NIOS provides a testing function to test the DTC response for a specific LBDN. Using this the
configuration of the DTC LBDN can be validated. Only Infoblox LBDNs can be tested using this feature.
To test an LBDN:
1. Go to Data Management → DNS → Traffic Control.
2. Click on Gear icon next to LBDN-demo-dg.com.
3. Click Test.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 53
 4. Type 192.168.3.50 in Query Source field.
5. Type www.demo-dg.com in Query Name field.
6. Select nios.dtc-demo.com in Member field by clicking Select button.
7. Select A for Record Type.
8. Click Start.

Verify the Query Response as “172.26.1.68”. It is Server dtc-vm-apac-1 served when query originated
from HQ/Singapore/Singapore/APAC.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 54
 Similarly, you can test it out for other source IPs as well, as shown below

CSV Import/Export Support

From NIOS 8.3 onwards, you can use the CSV Import feature to migrate data from other load balancing
solutions or modify multiple objects at a time. You can do so, by clicking on the CSV import option on
the Toolbar.
You can refer to the CSV import reference available on the Infoblox Documents portal.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 55
 You can also export DTC data as a CSV for external parsing or historical backups of the configuration.
You can do so by selecting all the DTC objects, and clicking on the export option and selecting Export
data in Infoblox CSV Import Format.

Click on Export.

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 56
 DTC Backup/Restore Support
From NIOS 8.3 onwards, you can backup DTC specific information, by navigating to Grid → Grid
Manager, and selecting DTC Backup from the Backup option in the Toolbar.

Similarly, you can restore a DTC backup, by selecting the DTC Restore from the Restore option in the
Toolbar.

WAPI support
You can use the Infoblox RESTful APIs to create DTC configuration. The endpoints supported are as
shown below:

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 57
 dtc : DTC object
dtc:allrecords : DTC AllRecords object
dtc:certificate : DTC Certificate object
dtc:lbdn : DTC LBDN object
dtc:monitor : DTC monitor object
dtc:monitor:http : DTC HTTP monitor object
dtc:monitor:icmp : DTC ICMP monitor object
dtc:monitor:pdp : DTC PDP monitor object
dtc:monitor:sip : DTC SIP monitor object
dtc:monitor:snmp : DTC SNMP monitor object
dtc:monitor:tcp : DTC TCP monitor object
dtc:object : DTC object
dtc:pool : DTC Pool object
dtc:record:a : DTC A Record object
dtc:record:aaaa : DTC AAAA Record object
dtc:record:cname : DTC CNAME Record object
dtc:record:naptr : DTC NAPTR Record object
dtc:record:srv : DTC SRV Record object
dtc:server : DTC Server object
dtc:topology : DTC Topology object
dtc:topology:label : DTC Topology Label object
dtc:topology:rule : DTC Topology Rule object

For more information on each of the objects, you can refer to the RESTful API documentation available
on the Infoblox Documentation Portal.
For sample API calls, you refer to the DNS Traffic Control section in the Infoblox REST API Reference
Guide.

Conclusion
Infoblox DNS Traffic Control combines DNS management with intelligent GSLB functionality, so you
can have automated and scalable high performance, all in one solution.

Additional Information
Community article: Create full DTC configuration in WAPI (v2.1 and above) from scratch in a single
Request
Community blog: Using DNS Traffic Control for Microsoft Active Directory Domain Controller Selection
Tech Video: DTC Features Webinar

Enabling and Configuring DNS Traffic Control in NIOS 8.x – January 2018 58
Infoblox is leading the way to next-level DDI with its Secure Cloud-Managed Network Services. Infoblox brings next-level security,
reliability and automation to on-premises, cloud and hybrid networks, setting customers on a path to a single pane of glass for network
management. Infoblox is a recognized leader with 50 percent market share comprised of 8,000 customers, including 350 of the
Fortune 500.

Corporate Headquarters | 3111 Coronado Dr. | Santa Clara, CA | 95054

+1.408.986.4000 | 1.866.463.6256 (toll-free, U.S. and Canada) | [email protected] | www.infoblox.com

© 2018 Infoblox, Inc. All rights reserved. Infoblox logo, and other marks appearing herein are property of Infoblox, Inc. All other marks are the
property of their respective owner(s).