Use a health probe to verify the availability of a certain target. When the target is available, the health probe returns a positive result. Depending on the result, a configured IP address can be returned for a DNS query if the probed target is available.
Health probes can be used only for A, AAAA, and MX records.
Although client queries are processed asynchronously from probing, the following image lays out the basic communication flow that lies between requesting and responding. For more information, see the paragraph "Probe Timing and Pattern" in the article DNS.
Before You Begin
- Verify that all service IP addresses are already configured that are necessary for answering DNS queries on the respective incoming interfaces. For more information, see How to Assign Services.
Configure a DNS Health Probe
Create and attach a health probe to a certain interface / IP address on the firewall from where probing packets are sent to a certain target IP address.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
- In the left menu, click DNS Settings.
- In the main window, select Yes for ADNS Health Probing if you want to activate it.
- In the main window, click + to the right of the table of the section Health Probes.
- The Add New Health Probes window is displayed.
- For Probe Name, enter a name that clearly lets you identify the health probe, e.g., probe-WS1-via-ISP1.
- For Probe Type, select the method how you want the target to be probed.
- ICMP – Select this option if your target must be probed using the ICMP protocol (
ping
). - (Alternatively) TCP – Alternatively select TCP:
- Probing Target – Add the IP address for the probing target.
- Port – Add the port number.
- HTTP/S – Select this option if you want to probe a target that provides information on port 80/443, e.g. web server.
- Probing Target – Add a HTTP/S URL.
- TCP + Port – Select this option if none of the above options cover your requirements, and enter your individual values as needed.
- ICMP – Select this option if your target must be probed using the ICMP protocol (
- Probe Source – Select the egress interface either via the IP Address or the Interface option.
- Source Interface – Select the egress interface on your firewall.
- IP Address – Select the egress interface by its related IP address.
- Probing Target – Enter the IP address of the target host that must be probed for its availability.
- Probing Interval – The standard interval in which the target is (re-)probed in case it is not reachable. The default value is 30 sec. Enter another value if required.
- Probing Threshold – Specifies how many times probing can fail before the probed IP is removed from the DNS list of available targets. The default value is 3 times. Enter another value if required.
- Click OK.
- Click Send Changes.
- Click Activate.
After sending the configuration, the health probe is displayed in the main window in the list.
The health probe can now be used in conjunction with IP addresses that will be part of a DNS response in case the probed target is available.