Make the Barracuda Link Balancer an Authoritative DNS host and configure the DNS Server for inbound load balancing.
Step 1. Enable Authoritative DNS
Enable Authoritative DNS on the Barracuda Link Balancer to identify which WAN links are to be used as name servers.
- Log into the Barracuda Link Balancer web interface.
- Go to the Services > Authoritative DNS page.
- Select Enabled for Authoritative DNS and for each of the WAN links in the table of DNS Server listen links. This table includes all WAN links with static IP addresses (configured on the Basic > Links page). You can change the value for the Name Server for each link or keep the default. The Name Server value is used as a label for NS records for all domains. Enter an unqualified name, for example, ns1.
- Click Save Changes.
Step 2. Create One or More Domains
To define one or more domains on the Barracuda Link Balancer:
- Check that the value for Default Domain specified on the Basic > IP Configuration page is accurate. If the built-in firewall is enabled, and if you have created 1:1 NAT rules and/or port forwarding rules, make sure that they use the correct host name. You can look at those rules on the Firewall page.
- Go to the Services > Authoritative DNS page.
- In the Domain section, enter the domain and click Create.
You should see that the following records are created:
- Start of Authority (SOA)
- Name Server (NS) - One NS record for each name server in the DNS Server Listen Links table is generated.
- Address (A) - One A record is created for each name server in the DNS Server Listen Links table. An A record is also created for each matching host name found in 1:1 NAT and Port Forwarding rules, as described in the next section.
If the Barracuda Link Balancer has the firewall enabled:
- When you create a new domain, the Barracuda Link Balancer looks for existing 1:1 NAT and port forwarding rules that include names in the Hostname field that have a domain suffix that is the same as the newly created domain name.
- Or, if you create a domain that is the same as your default domain (as specified on the Basic > IP Configuration page), the Barracuda Link Balancer looks for rules that have host names that do not appear to be fully qualified domain names.
- In either case, an A record for each matching rule, including both external and internal addresses, will be automatically created for each host name.
The DNS records are created with typical default values. You can see all values for each record and modify them by clicking Edit next to the record in the DNS Records section.
Step 3. Set up DNS for Internal Clients
If you have an internal DNS server, configure it to forward queries to the LAN IP address of the Barracuda Link Balancer.
If the built-in firewall of the Barracuda Link Balancer is enabled:
As already described, when you create a new domain, the Barracuda Link Balancer looks for existing 1:1 NAT and port forwarding rules that include names in the Hostname field appearing relevant and creates an A record for each matching rule, including both external and internal addresses. In some cases, this mapping will not reflect your configuration.
- Using an internal network client, try to access a host name for a resource that is available both internally and externally.
- If the test fails, edit the A record for the unresolved host name. The DNS Record page opens.
- In the IP Addresses table, add addresses to the Local Network column to be used in response to internal DNS queries.
If the built-in firewall of the Barracuda Link Balancer is disabled:
The Barracuda Link Balancer is not able to map external to internal IP addresses if the firewall is disabled. If you want internal addresses to be served:
- Edit the A record for the host name of each resource that is available both internally and externally. The DNS Record page opens.
- In the IP Addresses table, add IP addresses to the Local Network column to use in response to internal DNS queries.
- Using an internal network client, test your changes by trying to access the resource using its host name.
Step 4. Add More DNS Records
Add more DNS records to your domain(s) to match your configuration. For example, each email server needs an MX record and a corresponding A record. Each web server needs an A record.
If you have externally reachable IP addresses that are not tied to any interface, such as ARIN networks, create an A record for each one:
- If the address is not routed through the Barracuda Link Balancer, select CUSTOM in the Links list.
- If the address is routed through the Barracuda Link Balancer, select ANY in the Links list.
Step 5. Update Your Domain Registrar
If you haven't already registered your domain name, register it with a domain name registrar like GoDaddy.com or register.com. Make the NS records of the domain point to your static WAN IP addresses. If your domain name is already registered, contact your registrar to update the NS records so the domain points to your static WAN IP addresses. Remove records that reference the domain or domains that are now delegated to the Barracuda Link Balancer.
Hosting a Sub-Domain
If your domain is hosted at your ISP or elsewhere, and you want to delegate a sub-domain to be resolved by the Barracuda Link Balancer, you must add some records to the zone file of the domain where it is stored at the registrar. If the domain is example.com, and you want to host my.example.com and you have two name servers ns1 and ns2, add these lines, using the actual IP addresses of your name servers:
my IN NS ns1
my IN NS ns2
ns1 IN A 184.108.40.206
ns2 IN A 192.0.2.2
Then you can create the my.example.com domain on the Barracuda Link Balancer.
Step 6. Test External Access
From a host on the Internet, run nslookup on your domain name(s). The returned IP addresses should be the IP addresses of your WAN listen links. It may take some time for your changes to propagate throughout the Internet, depending on how long various resolvers cache DNS responses. For example, it may take a day before a new domain name is accessible via the Internet. If a domain name was previously registered and the DNS record is modified, any server on the Internet with the previous information will not get the update until the TTL of the original record has passed.
Adding a New WAN Link
If, after creating your domains, you add a new WAN link, complete these steps to use the new link for DNS queries (static links only) and inbound link balancing:
- Go to the Services > Authoritative DNS page.
- If this is a static link and you want to use it to respond to DNS queries:
  - Identify the new link as a DNS Server Listen Link and assign it a Name Server label.
  - For each already defined domain, add a new NS record and a new A record to the domain for the new link.
- Edit the A records of your servers to enable reception of inbound traffic on the new link for the corresponding internal servers. Specifically, when you edit the A record on the DNS Record page, you can select the new WAN link from the Links list and add it to the A record.
Zones and Domains
A domain name server stores information about part of the domain name space called a zone. All names in a given zone share the same domain suffix. For example, if barracuda.com is the domain suffix, mail.barracuda.com and eng.barracuda.com are possible sub-domains. These may be all served by one domain name server or some of the sub-domains may be delegated to other domain name servers. Every domain or sub-domain is in exactly one zone. Rather than make a distinction between a zone and a domain, the web interface of the Barracuda Link Balancer simply asks you to create a domain.
Zone transfers serve to replicate DNS databases across a set of DNS servers. On the Barracuda Link Balancer, zone transfers can be enabled or disabled per domain. Also, as of Barracuda Link Balancer firmware version 2.5, the TTL (Time To Live) for which clients cache DNS records can be defined per domain.
DNS Records Generated when Creating a Domain
When you create a domain on the Barracuda Link Balancer the following records are automatically generated:
- Start of Authority (SOA) - The SOA record defines the global parameters for the hosted domain or zone. Only one SOA record is allowed per hosted domain or zone.
- Name Server (NS) - NS records specify the authoritative name servers for this domain. One NS record for each name server in the DNS Server Listen Links table is generated.
- Address (A) - A records map a host name to an IP address. Each host inside the domain should be represented by an A record. One A record is created for each name server in the DNS Server Listen Links table. An A record is also created for each matching domain name found in 1:1 NAT and Port Forwarding rules.
Additional DNS Records
Once a zone has been created, you can edit the above records or add NS, A, and any of the following records to a zone:
- Mail Exchanger (MX) - MX records point to the email servers that are responsible for handling email for a given domain. There should be an MX record for each email server, including backup email servers if they exist. If an email server lies within the domain it requires an A record for each name server. If the email server is outside the domain, specify the FQDN of the server, ending with a dot.
- Text (TXT) - Text records allow text to be associated with a name. This can be used to specify Sender Policy Framework (SPF) or DomainKeys records for the domain.
- Canonical Name (CNAME) - A CNAME record provides a mapping between this alias and the true, or canonical, hostname of the computer. It is commonly used to hide changes to the internal DNS structure. External users can use an unchanging alias while the internal names are updated. If the real server is outside the domain, specify the FQDN of the server, ending with a dot.
If a domain name has a CNAME record associated with it, then it cannot have any other record types. Do not use CNAME defined hostnames in MX records.
- Service (SRV) - Service records are used to store the location of newer protocols, such as SIP, LDAP, IMAP and HTTP.
- Pointer (PTR) - PTR records point to a canonical name. The most common use is to provide a way to associate a domain name with an IP address.
- Other (OTHER) - Use an OTHER record to add a type of DNS record that is not supported, such as NAPTR.
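The record rules above (a name with a CNAME has no other record types, MX records do not point at CNAME-defined names, in-domain name servers and mail servers have A records) and the sub-domain delegation records can be checked before they are entered. The following is an added example, not Barracuda code: the "owner type value" line format, the function names and the sample records are constructed for illustration.

```python
from collections import defaultdict

ORIGIN = "example.com."
# Constructed sample records ("owner type value") with deliberate mistakes.
# Names without a trailing dot are relative to ORIGIN; "@" is the zone itself.
SAMPLE = """\
@     NS    ns1
@     NS    ns2
ns1   A     192.0.2.1
mail  A     192.0.2.10
web   A     192.0.2.20
www   CNAME web
www   TXT   "v=spf1 -all"
@     MX    10 mail
@     MX    20 www
@     MX    30 backup.example.net.
"""

def fqdn(name, origin=ORIGIN):
    """Expand a relative name; a trailing dot marks a fully qualified name."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse(text, origin=ORIGIN):
    """Return {owner: {record type: [values]}} for non-empty, non-comment lines."""
    zone = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith(";"):
            owner, rtype, value = line.split(None, 2)
            zone[fqdn(owner, origin)][rtype.upper()].append(value.strip())
    return zone

def lint(text, origin=ORIGIN):
    """Report violations of the CNAME, MX and name server rules."""
    zone, problems = parse(text, origin), []
    for owner, records in zone.items():
        if "CNAME" in records and len(records) > 1:
            others = ",".join(sorted(t for t in records if t != "CNAME"))
            problems.append(f"{owner} has CNAME plus {others}")
    for owner, records in zone.items():
        for rtype in ("NS", "MX"):
            for value in records.get(rtype, []):
                target = fqdn(value.split()[-1], origin)
                if rtype == "MX" and "CNAME" in zone.get(target, {}):
                    problems.append(f"MX for {owner} points at CNAME {target}")
                elif target.endswith("." + origin) and "A" not in zone.get(target, {}):
                    problems.append(f"{rtype} target {target} has no A record")
    return problems
```

Calling lint(SAMPLE) flags the www alias that also carries a TXT record, the ns2 name server with no A record, and the MX record that points at the www alias; the MX target ending with a dot is treated as outside the domain and is not checked for an A record.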