× Welcome to the Centrify Community! We are rolling out product name changes — click here to learn more.

DNS behind VIP

Showing results for 
Search instead for 
Do you mean 
Participant II
Posts: 6
Registered: ‎04-11-2017
#1 of 3 933
Accepted Solution

DNS behind VIP

Is there a way for the agent to advantage of DC's behind a load balancer?  We can point the agent at any 1 DC by name but if we try to point it at DC behind an F5 VIP for load balance and reducancy purposes, it appears to not like that. Not sure if its a property of the agent or of RHEL 7.


any thoughts,

Patrick Holt

Centrify Guru I
Posts: 1,784
Registered: ‎07-26-2012
#2 of 3 928

Re: DNS behind VIP

Not really.  This is due how AD and the Centrify AD client work.


  • Sites and Services:  AD clients will perform their own lookups based on the nearest site/service
  • Caching:  Advanced clients like Centrify's will perform their own DNS caching and telemetry calculations
  • DNS Access Control:  Some administrators may have implemented security in DNS (e.g. for Dynamic updates); these changes rely on Kerberos authentication.  During this exchange there may be reverse-address lookup (IP to name) and a VIP is likely to provide mismatches.

Also note that the DirectControl agent is the same in all platforms (with some behavioral/capability exceptions in OS X, AIX, HP-UX and Solaris)



Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 6
Registered: ‎04-11-2017
#3 of 3 924

Re: DNS behind VIP

This topic can be deleted. The issue was not about centrify at all.