  • Latest Post - ‏2013-01-26T22:00:04Z by Doyler86
Doyler86
91 Posts

Pinned topic Has anyone used Datapower to Query DNS for available Name Servers?

‏2013-01-08T14:06:35Z |
Hello,

Just curious,

Has anyone implemented a custom RBM or AAA Policy where the Datapower queries for available DNS Servers rather than using a LBG with a static list?

I know Unix/Linux have a command 'dig' which can accomplish this, but was wondering if anyone here has ever implemented it using Datapower?

Let me know your thoughts and thank you in advance,

Doyle
  • msiebler
    140 Posts

    Re: Has anyone used Datapower to Query DNS for available Name Servers?

    ‏2013-01-08T21:39:22Z  
    I do not believe this is supported in Datapower; what exactly are you trying to do?
  • Doyler86
    91 Posts

    Re: Has anyone used Datapower to Query DNS for available Name Servers?

    ‏2013-01-09T01:53:41Z  
    Hello, thank you for your reply,

    We are a large Datapower shop. We are also a huge Active Directory shop as well. Right now we are utilizing a load balancer group of Active Directory Servers for AAA solutions. Our Active Directory Servers may change throughout the year, causing our LBG to be outdated and potentially impactful.

    Microsoft has added to the LDAP spec the process and standards for utilizing SRV records, which provides a way to query a particular domain for available Active Directory Servers, thus always receiving an Active Name Server.

    I know Datapower doesn't directly support querying for SRV records at the moment, but I was wondering if, by utilizing XSLT in the AAA Policy, we would be able to do this. I know Linux/Unix have a workaround utilizing the 'dig' command that I mentioned in the original question.

    If there was a way to do this, this could prevent impactful situations as well as save countless hours for having resources update these LBGs.

    Hope that helps,

    Thanks,

    Doyle
  • Trey
    225 Posts

    Re: Has anyone used Datapower to Query DNS for available Name Servers?

    ‏2013-01-09T02:15:00Z  
    There is no native "dig" on DataPower, you are right. If this is an option, you could determine the new servers, and then maybe a simple SOMA push to update the DNS config on the devices could be scripted.

    I only see this being an external method, but some sharper folks may have a better idea.

    Good luck
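
The external approach discussed above (look up the SRV records off-box, then compare them with the static LBG before any update is pushed) could be sketched as follows; this is an added example, not code from the thread or from IBM. It assumes the standard AD locator name `_ldap._tcp.dc._msdcs.<domain>`, and the domain `corp.example.com`, the host names, the sample `dig` output, and the names `parse_srv` and `lbg_drift` are all constructed for illustration.

```python
# Added example; host names and DNS output below are constructed sample data.
from dataclasses import dataclass

AD_DOMAIN = "corp.example.com"  # assumed AD DNS domain
# Constructed output of: dig +short SRV _ldap._tcp.dc._msdcs.corp.example.com
# Fields per line: priority weight port target
SAMPLE_DIG_OUTPUT = """\
0 100 389 dc01.corp.example.com.
0 100 389 DC03.corp.example.com.
10 50 389 dc-dr.corp.example.com.
0 100 389 dc09.other.example.net.
;; connection timed out; no servers could be reached
"""
# Constructed: members currently configured in the static LBG
CURRENT_LBG = ["dc01.corp.example.com", "dc02.corp.example.com"]

@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str

def parse_srv(text, domain=AD_DOMAIN):
    """Parse SRV answer lines, keeping only targets inside the expected domain."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not all(p.isdigit() for p in parts[:3]):
            continue  # diagnostics, blank lines, malformed answers
        target = parts[3].rstrip(".").lower()
        if not target.endswith("." + domain):
            continue  # never feed an out-of-domain host to the AAA backend list
        records.append(SrvRecord(int(parts[0]), int(parts[1]), int(parts[2]), target))
    # Lower priority value is preferred; weight is only a display tiebreak here.
    return sorted(records, key=lambda r: (r.priority, -r.weight, r.target))

def lbg_drift(records, lbg_members):
    """Return hosts to add to / remove from the LBG; refuse to act on an empty answer."""
    if not records:
        raise ValueError("no usable SRV records; leaving LBG unchanged")
    advertised = {r.target for r in records}
    configured = {m.rstrip(".").lower() for m in lbg_members}
    return {"add": sorted(advertised - configured),
            "remove": sorted(configured - advertised)}

if __name__ == "__main__":
    print(lbg_drift(parse_srv(SAMPLE_DIG_OUTPUT), CURRENT_LBG))
```

Because the result ends up as the list of authentication backends, the sketch drops any target outside the expected domain and raises instead of producing a "remove everything" result when the lookup returns nothing usable.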
  • Doyler86
    91 Posts

    Re: Has anyone used Datapower to Query DNS for available Name Servers?

    ‏2013-01-26T22:00:04Z  
    Thanks Trey for your response.

    What do you think about utilizing an Identity server in between the appliance and the Active Directory Servers? Do you think this would help relieve me of the issue I mentioned above?

    thanks,

    Doyle