Multiple WAN DNS issue when primary fails
-
WAN Gateway Monitor IP: 75.xxx.xxx.1
WAN2 Gateway Monitor IP: 65.xxx.xxx.1See image for Diag->Routes. The first one is WAN active. The second one is WAN2 active.
 -
See anything wrong there?
-
That seems to be correct, without having a more complete view of the system I can't say for sure but definitely looks fine. You'll have a route for each DNS server out the appropriate WAN. Pinging from the console, or Diag>Ping choosing LAN, to the DNS server IPs will verify you have connectivity. Trying to dig directly to each will verify DNS connectivity to them.
-
@cmb:
That seems to be correct, without having a more complete view of the system I can't say for sure but definitely looks fine. You'll have a route for each DNS server out the appropriate WAN. Pinging from the console, or Diag>Ping choosing LAN, to the DNS server IPs will verify you have connectivity. Trying to dig directly to each will verify DNS connectivity to them.
Ok, thanks. I'll look into that. Assuming I still can't get it to work, would you be willing to login to the box and take a look around?
-
Well, it's setup and working, but the fallover doesn't work, so if either dsl modem fails, the whole thing craps out. I have no idea why.
-
Allow DNS server list to be overridden by DHCP/PPP on WAN = CHECKED <– uncheck this
also you could try setting 8.8.8.8 or 8.8.4.4 as dns server without having a gateway specified (but this shouldn't be necessary)
you could try to traceroute the dns servers themselfs when you unplug either and see where it goes wrong -
Hello KyferEz,
I have read your topic, I have the same problem as you, I tried the suggestions from the post but nothing resolved.
Have you resolved the problem?
Thanks -
Nope. none of the suggestions helped. I think it may be a bug in the release…
-
-
-
I ran into a similar issue today when a manhole fire fried some of our fiber. The connection failed over as expected but DNS didn't.
One of the things I noticed is that you can't apparently use the same DNS servers on multiple WANs. Can someone confirm this? I'd really like to use the same DNS servers on both WANs.
Also like @KyferEz noted, although the routing shows each DNS IP associated with the appropriate gateway (Diag->Routes), the interface status (Status->Interfaces) shows all DNS IPs with the first WAN connection, which I believe might be a bug.
-
redmine.pfsense.org and report it there….
-
I don't know if this can help to "KyferEz" with his problem, but i have configured my pfSense this way, and don't have noticed DNS issues
-
@ptt Would you mind taking a screen shot of two additional pages to help confirm what I'm seeing? Diagnostics -> Routes (IPv4 table) and Status -> Interfaces. I'm curious how your four DNS servers get assigned.
-
Here the Routes SS ( DNS marked in red )
In Status -> Interfaces, all DNS servers are listed in WAN1, WAN2 doesn't show any DNS ( the "ISP DNS servers" dont even appear in WAN2 )
-
Hello,
I see the @ptt routing table, I think the dns are correct, just in my routing table.
I noticed in my pfsense machine, that the default route in Diagnostics -> Routes (IPv4 table) remains the same whatever WAN is online(I unplugged every WAN to test), maybe a problem in Gateway Groups, look in my gateway groups, I think is correct.
Also for my 2 gateways I don't check "default route" for these.
Regards
-
I didn't read this entire thread word for word but, I have seen similar issues. It seems (am I correct??) that pfSense assigns static routes to specific DNS servers if a specific gateway is selected on the General setup page. I assume this is so 'apinger' can detect if a GW is really down when pings to that monitor IP start failing instead of sending them over the other connection?? not sure. but add me to the "me too" list of people who would like to know the "correct" way to assign these values.
-
I didn't read this entire thread word for word but, I have seen similar issues. It seems (am I correct??) that pfSense assigns static routes to specific DNS servers if a specific gateway is selected on the General setup page. I assume this is so 'apinger' can detect if a GW is really down when pings to that monitor IP start failing instead of sending them over the other connection?? not sure. but add me to the "me too" list of people who would like to know the "correct" way to assign these values.
You must have at least one DNS server pointing to each WAN if you're using the DNS forwarder as your clients' DNS server. The WAN you pick sets a static route so the firewall goes out that WAN to reach that DNS server. You cannot use a single DNS server IP on more than one WAN (though I'm not sure offhand if there's input validation to prevent that, it won't work). There are exceptions to that if you get into policy routing traffic initiated by the firewall but that's more complex than what most people will get into.
If you're not using the DNS forwarder, your internal DNS servers must be going out of a failover or load balancing gateway group so you still have DNS when one fails.
Also like @KyferEz noted, although the routing shows each DNS IP associated with the appropriate gateway (Diag->Routes), the interface status (Status->Interfaces) shows all DNS IPs with the first WAN connection, which I believe might be a bug.
That's just how it's displayed, all the system's DNS servers show there.
-
@cmb
Thanks so much for that clarification. It makes sense now. -
FINALLY FOUND THE SOLUTION TO MY PROBLEM TODAY!!!
In every guide and instruction sheet I have read for configuring multiwan, not once was there instructions that included this necessary and very important step in a way that a beginner could easily understand: Edit the default LAN rule in Firewall->Rules by clicking edit on the rule that has a row that contains "LAN net". Then change Gateway setting drop-down to whatever you named the gateway you created with the Wan1 fallover to Wan2.
Here is a link to a simple and basic working guide for multiwan setup on pfSense 2.0. The top of the guide is for 1.2, but scroll about half-way down to see the 2.0 guide: http://skear.hubpages.com/hub/Dual-Wan-Router-How-To-Build-One-On-a-Budget. Combine that info with the other guides out there for setting up traffic shaping and it works great!
Thanks!
