× Welcome to the Centrify Community! Looking for Express & Smart Card Help? Click Here

DNS behind VIP

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 6
Registered: 2 weeks ago
#1 of 3 175
Accepted Solution

DNS behind VIP

Is there a way for the agent to advantage of DC's behind a load balancer?  We can point the agent at any 1 DC by name but if we try to point it at DC behind an F5 VIP for load balance and reducancy purposes, it appears to not like that. Not sure if its a property of the agent or of RHEL 7.

 

any thoughts,

Patrick Holt

Centrify Guru I
Posts: 1,698
Registered: ‎07-26-2012
#2 of 3 170

Re: DNS behind VIP

Not really.  This is due how AD and the Centrify AD client work.

 

  • Sites and Services:  AD clients will perform their own lookups based on the nearest site/service
  • Caching:  Advanced clients like Centrify's will perform their own DNS caching and telemetry calculations
  • DNS Access Control:  Some administrators may have implemented security in DNS (e.g. for Dynamic updates); these changes rely on Kerberos authentication.  During this exchange there may be reverse-address lookup (IP to name) and a VIP is likely to provide mismatches.

Also note that the DirectControl agent is the same in all platforms (with some behavioral/capability exceptions in OS X, AIX, HP-UX and Solaris)

 

 

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 6
Registered: 2 weeks ago
#3 of 3 166

Re: DNS behind VIP

This topic can be deleted. The issue was not about centrify at all.