DNS behind VIP
04-14-2017 07:49 AM
Is there a way for the agent to advantage of DC's behind a load balancer? We can point the agent at any 1 DC by name but if we try to point it at DC behind an F5 VIP for load balance and reducancy purposes, it appears to not like that. Not sure if its a property of the agent or of RHEL 7.
Solved! Go to Solution.
04-14-2017 08:02 AM
Not really. This is due how AD and the Centrify AD client work.
- Sites and Services: AD clients will perform their own lookups based on the nearest site/service
- Caching: Advanced clients like Centrify's will perform their own DNS caching and telemetry calculations
- DNS Access Control: Some administrators may have implemented security in DNS (e.g. for Dynamic updates); these changes rely on Kerberos authentication. During this exchange there may be reverse-address lookup (IP to name) and a VIP is likely to provide mismatches.
Also note that the DirectControl agent is the same in all platforms (with some behavioral/capability exceptions in OS X, AIX, HP-UX and Solaris)