You can use the controller node in a WildFire
appliance cluster as the authoritative DNS server for the cluster.
(An authoritative DNS server serves the actual IP addresses of the
cluster members, as opposed to a recursive DNS server, which queries
the authoritative DNS server and passes the requested information
to the host that made the initial request.) Firewalls that
submit samples to the WildFire appliance cluster should send DNS
queries to their regular DNS server, for example, an internal corporate
DNS server. The internal DNS server forwards the DNS query to the
WildFire appliance cluster controller (based on the query’s domain).
Using the cluster controller as the DNS server provides many advantages:

Automatic load balancing—When the cluster controller resolves the service advertisement hostname, the host cluster nodes are in a random order, which has the effect of organically balancing the load on the nodes.

Fault tolerance—If one cluster node fails, the cluster controller automatically removes it from the DNS response, so firewalls send new requests to nodes that are up and running.

Flexibility and ease of management—When you add nodes to the cluster, because the controller updates the DNS response automatically, you don’t need to make any changes on the firewall, and requests automatically go to the new nodes as well as the previously existing nodes.
The DNS record should not be cached. For troubleshooting, note that when the DNS lookup succeeds, the TTL is 0, and when the DNS lookup returns NXDOMAIN, the TTL and the “minimum TTL” are both 0.
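As an added example (not part of the Palo Alto Networks documentation), the following Python parses a raw DNS response as the cluster controller would return it for the service advertisement hostname, lists the A records in the order they were answered, and confirms that every record carries TTL 0 so that no resolver in the path should cache it. The hostname and addresses in the embedded sample are constructed placeholders.

```python
import socket
import struct

def _read_name(msg, off):
    """Decode a DNS name at offset off, following RFC 1035 compression
    pointers. Returns (name, offset just past the name as written at off)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if not jumped:
                end = off + 2                         # resume after the pointer
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def rcode(msg):
    """Response code from the header flags (0 = NOERROR, 3 = NXDOMAIN)."""
    return struct.unpack("!H", msg[2:4])[0] & 0x0F

def parse_a_answers(msg):
    """Return [(name, ttl, ip)] for each A record in the answer section,
    preserving the order the server answered them in."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):                               # skip the question section
        _, off = _read_name(msg, off)
        off += 4                                      # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1:                # A record, class IN
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return answers

def answers_uncacheable(msg):
    """True when the response has A answers and every one carries TTL 0."""
    answers = parse_a_answers(msg)
    return bool(answers) and all(ttl == 0 for _, ttl, _ in answers)

# Constructed sample: AA response for wfpc.example.internal (placeholder name)
# with two cluster nodes, both TTL 0, names written as pointers to offset 12.
SAMPLE_RESPONSE = (
    b"\x12\x34\x84\x00\x00\x01\x00\x02\x00\x00\x00\x00"          # header
    b"\x04wfpc\x07example\x08internal\x00\x00\x01\x00\x01"       # question
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04\x0a\x01\x01\x0b"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04\x0a\x01\x01\x0c"
)
```

Feed it the bytes of a real reply (for example, the UDP payload captured while a firewall resolves the hostname) to verify that the forwarding DNS server is passing the controller's TTL 0 through unchanged.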