DNS health check monitor for server load balancing
A DNS health check monitor can be configured for server load balancing. The monitor probes each real server with a DNS query sent over UDP or TCP, asking for the configured request domain, and compares the A record returned in the response against the configured match IP address. A real server passes the check only if the response resolves the domain to that address; a server that answers but returns a different address, an error code, or no answer at all fails it.
The DNS health check monitor does not support IPv6.
To create a DNS health check monitor:
    config firewall ldb-monitor
        edit <name>
            set type dns
            set port <string>
            set dns-protocol {udp | tcp}
            set dns-request-domain <string>
            set dns-match-ip <class_ip>
        next
    end
type: The monitor type that is used by the health check monitor to check the health of the server (dns for this monitor).
port <string>: The service port that is used to perform the health check (0 - 65535, default = 0). If
dns-protocol {udp | tcp}: The transport protocol used by the DNS health check monitor to send the probe to the server (default = udp). With tcp, the query is sent with the two-byte length prefix that DNS over TCP requires.
dns-request-domain <string>: The fully qualified domain name to resolve in the DNS probe (default = www.example.com).
dns-match-ip <class_ip>: The IPv4 address that the DNS server is expected to return for the request domain (default =
Example
In this example, a DNS health check monitor is created and used in a VIP.
The FortiGate sends a DNS query for the request domain on UDP port 53 to each configured real server every 30 seconds (the interval configured on the monitor). If the DNS response from a real server contains an A record matching the DNS match IP address, the real server is marked as Active. Otherwise, including when the server does not answer within the timeout or returns an error, it is marked as Down and is removed from the round-robin rotation until it passes again.
To configure the health check monitor:
1. Create a new DNS health check monitor:

    config firewall ldb-monitor
        edit "dns-monitor-1"
            set type dns
            set interval 30
            set port 53
            set src-ip 172.16.200.10
            set dns-request-domain "pc4.qa.fortinet.com"
            set dns-match-ip 172.16.200.44
        next
    end

2. Apply the monitor to a virtual server:

    config firewall vip
        edit "test-vs-ip-1"
            set type server-load-balance
            set extip 10.1.100.153
            set extintf "wan2"
            set server-type ip
            set monitor "dns-monitor-1"
            set ldb-method round-robin
            config realservers
                edit 1
                    set ip 172.16.200.44
                next
                edit 2
                    set ip 172.16.200.55
                next
            end
        next
    end