last update: July 12th 2022
If someone mistypes a domain name, they will not get a valid response. This is a typical example:
You can clearly see that the response has an NXDOMAIN status: a non-existent domain.
This, however, is not always desired. Instead, you might want to return an IP address. It should have looked like this:
This time, you see an answer section. The IP address is that of the main web server. That’s exactly what I wanted to get.
Of course, a Citrix ADC / NetScaler comes with a whole bag of tricks, many of them around DNS, and this is just one of the things it can do. In this case, we use a rewrite policy. Let’s see how the trick works:
The Policy Action
We use the Citrix ADC / NetScaler rewrite feature. We simply create a new answer section:
add rewrite action rw_act_send_all_to_www_wonderkitchen replace_dns_answer_section "DNS.NEW_RRSET_A(\"93.83.148.46\",3600)"
So it’s a rewrite action that replaces the DNS answer section. I wanted to respond with an IPv4 address, so it’s NEW_RRSET_A; if I wanted to reply with an IPv6 address, it would have been NEW_RRSET_AAAA. I have to add the IP address, in my case 93.83.148.46, and a TTL, in my case 3600 seconds, that’s more or less an hour.
The Policy Expression
The Citrix ADC / NetScaler rewrite policy has to act whenever the response code is NXDOMAIN. If you host several domains on the same server, you will probably have to limit this to a certain domain; in my case, domains containing the string wonderkitchen in their names (I have several wonderkitchen domains).
add rewrite policy rw_pol_send_all_to_www_wonderkitchen "DNS.RES.HEADER.RCODE.EQ(NXDOMAIN) && DNS.RES.QUESTION.DOMAIN.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"wonderkitchen\")" rw_act_send_all_to_www_wonderkitchen
So we check whether the DNS response status is NXDOMAIN and, in addition, whether the domain name in the question section of the response contains wonderkitchen (compared case-insensitively).
Binding the policy
This policy has to be bound to the load-balancing vServer. No tricks needed, so no screenshots here 🙂