On Tue, Sep 30, 2008 at 5:04 PM, Brendan Cleary <cleary@nytimes.com> wrote:
I worked with Chris on this outside of the list. Replying here just to close the loop in case anyone else was interested.
This situation is explained in this Case Study: http://support.citrix.com/article/CTX117947
The key sentence being: "In NetScaler software release 7.0, when the DNS server looks up AAAA records, the response was "0" and errors "0". However, in NetScaler software release 8.0, with standard response "0", the NetScaler appliance sends the delegation records to root. "
To summarize, if you don't have your NS records in place on the Netscalers, you will see a loop for AAAA queries (root>auth>netscaler>root....), eventually resulting in a SERVFAIL.
Thanks Brendan! Hopefully Citrix can improve their standard config for this sort of deployment to make this a little simpler? I can't believe NYTimes is the only user of Netscalers for this function. -Chris