Forum Discussion
L4L7_53191
Feb 15, 2010 | Nimbostratus
I've heard about a very powerful design pattern for DNS called the 'stateless UDP' pattern. It can be useful for fairly high volume DNS environments that fill up our connection tables quickly (which can certainly happen with a massive number of UDP requests and default timeout settings).
**Note:** I've not had the opportunity to set this up myself, so please test this well and be sure it behaves the way you want. If it doesn't behave the way you expect, you should explore other options or simply stick with very small timeout values.
**Also note:** IMO this is a very advanced configuration, so again, please test it carefully before you go into production!! Hammer it with load, etc...
With all that said, here goes:
Inbound traffic
1) Create a custom fast L4 profile with a timeout of immediate. This essentially bypasses the connection table.
2) Create your DNS server pool
3) Create your DNS Virtual Server bound to the external VLAN. Disable port translation. Assign your new fast L4 profile and pool.
Outbound traffic
To handle response traffic for the DNS requests:
1) Create a SNAT pool with your Virtual Server address in it.
2) Create a wildcard (0.0.0.0:0) virtual server with a UDP profile. Confirm port/address translation are disabled, then assign your SNAT pool and fast L4 profile to this virtual, so it'll source the traffic from your virtual server address and have the same connection characteristics.
This type of setup should allow you to handle high volumes and still be in-line. Please report back on any findings you've got - I hope this makes sense.
-Matt
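The two-virtual-server layout described in the post above, written out as tmsh commands. This is an added example, not configuration from the original post or from F5: every object name, the 192.0.2.53 listener address, the 10.0.0.11/10.0.0.12 DNS server addresses and the `external`/`internal` VLAN names are assumptions to be replaced with your own. One detail worth knowing when translating the steps: on BIG-IP a Fast L4 profile takes the place of the TCP/UDP protocol profile on a virtual server, so the outbound wildcard listener is limited to UDP with `ip-protocol udp` rather than by attaching a separate UDP profile alongside Fast L4.

```tmsh
# Added example, not the post's own configuration. Names, addresses and VLANs are assumed.
# Type at the tmsh prompt, or prefix each line with "tmsh" from the bash shell.

# Inbound, step 1: Fast L4 profile with an immediate idle timeout, so accepted flows are
# not held in the connection table
create ltm profile fastl4 dns_fastl4_immediate defaults-from fastL4 idle-timeout immediate

# Inbound, step 2: DNS server pool (assumed member addresses)
create ltm pool dns_pool monitor gateway_icmp members add { 10.0.0.11:53 10.0.0.12:53 }

# Inbound, step 3: DNS virtual on the external VLAN only, port translation disabled,
# new Fast L4 profile and pool attached
create ltm virtual dns_vs_inbound destination 192.0.2.53:53 ip-protocol udp profiles add { dns_fastl4_immediate } pool dns_pool translate-port disabled vlans-enabled vlans add { external }

# Outbound, step 1: SNAT pool holding the inbound virtual server address
create ltm snatpool dns_snatpool members add { 192.0.2.53 }

# Outbound, step 2: wildcard UDP virtual for the servers' responses, listening on the
# internal VLAN only; no address or port translation, source rewritten to the listener
# address through the SNAT pool, same Fast L4 profile for the same connection behaviour
create ltm virtual dns_vs_outbound destination 0.0.0.0:0 ip-protocol udp profiles add { dns_fastl4_immediate } translate-address disabled translate-port disabled source-address-translation { type snat pool dns_snatpool } vlans-enabled vlans add { internal }

save sys config
```

Binding the wildcard virtual to the internal VLAN is the check a practitioner would want here: without it, a 0.0.0.0:0 UDP listener with SNAT applies to any UDP traffic the BIG-IP sees, not just the DNS servers' replies. After applying the configuration, send queries through the inbound virtual and confirm with `show sys connection` that entries for the listener are not accumulating, then load test as the post recommends before relying on it in production.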