GSLB (Global Server Load Balance)
1 GSLB Introduction
GSLB (Global Server Load Balance) can automatically schedule traffic through custom DNS servers based on the user’s IP address.
After GSLB is enabled, the primary node will be mainly used for management and DNS resolution, and will not participate in load balancing of business traffic. The load traffic will all use replica nodes.
The professional plus edition of Janussec Application Gateway has built-in DNS server and GSLB scheduling function on the primary node, while the open source edition does not include this feature.
2 Enable GSLB
Refer to the following steps to enable GSLB (Global Server Load Balance) if you have multiple gateway nodes deployed.
Assuming you have an application that provides services to internet users through: https://demo.example.com
, and the customized domain name server is ns01.example.com
(use the DNS server provided by the primary node of Janusec Application Gateway):
- Step 1: Enable firewall policy, example for Debian 11: #
ufw allow 53
- Step 2: Make sure port 53 is not occupied by other applications, typically in Debian 11 it was occupied, stop it: #
systemctl stop systemd-resolved
and #systemctl disable systemd-resolved
, then check with: #netstat -antulp | grep :53
- Step 3: Enable DNS Server in Settings - Advanced, and then restart service: #
systemctl restart janusec
- Step 4: Add an
A
or CNAME recordns01
with value ip address points to this gateway, and aNS
recorddemo
with valuens01.example.com.
at the authoritative name server, not on this gateway. Individual domain name holders should modify it at the domain name registrar. - Step 5: Add an
A
recorddemo
on the gateway, and enableResolve to an available gateway node for load balance automatically
- Step 6 (Important): Add
DNS Hostnames
(aka.Glue Records
) for your DNS server at the domain name registrar, if not, your own dns server will not accepted by other DNS servers. This record takes approximately 24 to 48 hours to take effect. - Step 7: Configure application in Application and make sure the backend source servers are available to all nodes of Janusec Application Gateway.
- Step 8: Open with web browser, or under command shell:
nslookup demo.example.com
, ordig demo.example.com A
3 FAQ
-
Q: What type of DNS server is built-in to the gateway primary node?
A: The gateway master node provides an authoritative DNS server, which only supports the resolution of its own domain name, and is used to provide query results to other DNS servers (such as Recursive DNS Server and Caching DNS Server). -
Q: Is replica nodes enabled for DNS services?
A: The DNS service is temporarily not enabled on replica nodes. DNS service is only provided on the primary node and listens on TCP/UDP 53 port. -
Q: What should I do if I want to set up two DNS servers?
A: You can deploy a new primary node (labeled asPrimaryB
) and copy the configuration file (/usr/local/janusec/config.json
) of the current primary node (labeled asPrimaryA
) toPrimaryB
. The two primary nodes share the same database. It should be noted that the database should be an internal IP address that can be accessed by both nodes, and cannot be a local address like127.0.0.1
. Normally,PrimaryA
is used for management and maintenance. If the configuration changes, please manually restart the januc service onPrimaryB
: # ‘systemctl restart janusec’ to make the new configuration take effect onPrimaryB
.