DNS health check monitor for server load balancing

A DNS health check monitor can be configured for server load balancing. The monitor probes each real server with a DNS query sent over UDP or TCP for the configured request domain, and verifies the response by checking that it resolves to the configured IP address.

The DNS health check monitor does not support IPv6.

To create a DNS health check monitor:
config firewall ldb-monitor
    edit <name>
        set type dns
        set port <string>
        set dns-protocol {udp | tcp}
        set dns-request-domain <string>
        set dns-match-ip <class_ip>
    next
end

type

The monitor type that is used by the health check monitor to check the health of the server.

port <string>

The service port that is used to perform the health check (0 - 65635, default = 0). If type is set to dns, port is set to 53.

dns-protocol {udp | tcp}

The protocol used by the DNS health check monitor to check the health of the server (default = udp).

dns-request-domain <string>

The fully qualified domain name to resolve for the DNS probe (default = www.example.com).

dns-match-ip <class_ip>

The response IP address expected from the DNS server (default =

Example

In this example, a DNS health check monitor is created and used in a VIP.

The FortiGate sends the DNS request on UDP port 53 to the configured real servers every 30 seconds. If the DNS response from a real server matches the DNS match IP address, then the real server is marked as Active. Otherwise, it is marked as Down.

To configure the health check monitor:
  1. Create a new DNS health check monitor:

    config firewall ldb-monitor
        edit "dns-monitor-1"
            set type dns
            set interval 30
            set port 53
            set src-ip 172.16.200.10
            set dns-request-domain "pc4.qa.fortinet.com"
            set dns-match-ip 172.16.200.44
        next
    end
  2. Apply the monitor to a virtual server:

    config firewall vip
        edit "test-vs-ip-1"
            set type server-load-balance
            set extip 10.1.100.153
            set extintf "wan2"
            set server-type ip
            set monitor "dns-monitor-1"
            set ldb-method round-robin
            config realservers
                edit 1
                    set ip 172.16.200.44
                next
                edit 2
                    set ip 172.16.200.55
                next
            end
        next
    end
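To make the monitor's decision rule concrete, here is an added example (not Fortinet's code): a small Python probe that sends an A query for the request domain over UDP, checks the transaction ID and RCODE of the reply, and reports Active only when the answer section carries the match IP, otherwise Down. Function names, the default timeout and the sample reply are constructed assumptions for the illustration.

```python
import random, socket, struct

def build_query(domain, txid):
    # Standard recursive A query for dns-request-domain (QTYPE=A, QCLASS=IN)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in domain.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def _skip_name(msg, off):
    # Advance past a name; a compression pointer (top bits 11) ends it in two bytes
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def answer_ips(msg, txid):
    # IPv4 answers; [] when the reply is short, the ID differs, or RCODE != NOERROR
    if len(msg) < 12:
        return []
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or flags & 0x000F:
        return []
    off, ips = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return ips

def server_state(resp, txid, match_ip):
    # Monitor rule: answer contains dns-match-ip -> Active, anything else -> Down
    return "Active" if match_ip in answer_ips(resp, txid) else "Down"

def probe_udp(server, domain, match_ip, port=53, timeout=2.0):
    # One live UDP probe (dns-protocol udp); timeout, socket error or malformed reply -> Down
    txid = random.randrange(0x10000)  # fresh ID so a stale or forged reply is ignored
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(domain, txid), (server, port))
            return server_state(s.recvfrom(512)[0], txid, match_ip)
    except (OSError, struct.error, IndexError):
        return "Down"

def constructed_response(domain, txid, ip):
    # Constructed sample reply (not captured from a device): echoes the question, adds one A RR
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + build_query(domain, txid)[12:] + rr
```

Calling `probe_udp("172.16.200.44", "pc4.qa.fortinet.com", "172.16.200.44")` against a live resolver reproduces one probe from the example above; a reply that resolves the domain to any other address is reported as Down, just as the monitor marks the real server.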
