The Barracuda Link Balancer can act as an authoritative DNS server, returning definitive answers to DNS queries about the domains defined in its configuration. This allows you to define one or more domains that are accessible via more than one WAN link. When asked to resolve a host, the Barracuda Link Balancer returns an IP address from an available WAN link. This provides two benefits:
- Failover - If a WAN link goes down, the domain is still available via another WAN link.
- Incoming link balancing - Incoming traffic to the domain is spread across all links configured for that domain.
Only WAN links with static IP addresses can be advertised to respond to DNS queries. However, you can accept traffic on any of your WAN links for a domain configured on the Barracuda Link Balancer.
DNS resource records describe the hosts, name servers and other attributes of the domain. Following these instructions, and using the web interface of the Barracuda Link Balancer, you can create records that describe the domain or domains hosted on the LAN side of the Barracuda Link Balancer. The supported DNS resource records are described in How to Configure the DNS Server.
DNS Records Time to Live
Configuring the Barracuda Link Balancer as an authoritative DNS server for the domains behind it increases the availability of your hosted servers. When asked for the IP address of a host name, the Barracuda Link Balancer returns a DNS A record containing the IP address of a WAN link. Every DNS record has a Time to Live (TTL) value. TTL is the length of time that a DNS record may be cached. For most DNS records, two days is a typical TTL. However, A records should have a much shorter TTL, such as 30 seconds. If a WAN link fails, its address will no longer be returned, so inbound traffic to this host will not be disrupted. A short TTL value for this record ensures that cached addresses for failed links time out quickly. Specifying a short TTL for A records also assists in link balancing. Because the returned address for a host varies among the available links, the short TTL guarantees that the link used for incoming traffic to that host also varies frequently.
Use this feature if you are hosting services such as web servers, VPNs and email that are name-based. This increases the availability of your services and provides a way to do inbound link balancing.
The Barracuda Link Balancer supports a split DNS infrastructure. If the same host name is used for a resource accessible both internally and externally, internal network clients receive the internal IP address and external clients receive the external IP address when they request the address of that host name. Specifically, the A record for the host name includes two views, one with the internal IP address and one with the external IP address. So, clients only see the address that they should use.
The split DNS infrastructure handles accessing resources using a host name. What about accessing externally accessible resources using an IP address? If local clients use external IP addresses to access internal servers, the Barracuda Link Balancer translates the address and properly forwards those requests back to internal servers.
DNS Zone Transfer Blocking
The Barracuda Link Balancer can be configured to block zone transfers on some or all of the domains that it hosts. An AXFR/IXFR query sent from another DNS server to the Barracuda Link Balancer (to request a copy of the DNS records) is rejected if zone transfers are disabled for that domain. By default, zone transfers are enabled for all domains created.