(Solved) Multiwan (failover) DNS not working
-
I need some help with a multi-wan configuration. It is DSL primary and 4G as failover. I'm having trouble with the 4G modem staying up, but something has happened and now I can't get DNS resolution at all.
I can ping 8.8.8.8 both from the pfSense VM command line and from a client VM connected to the LAN-side interface. But no DNS resolution works, either on the pfSense itself or from the client. I can point the client DIRECTLY at the OpenDNS servers and it works and can browse the internet, but if I point it at the pfSense forwarder it fails. The forwarding service is running.
I have DNS servers entered for both WAN gateways.
Any ideas or help?
-
Well, I found out some additional information. It is related to the multi-WAN, but it just stopped working. I didn't make any changes.
If I disable the WANB interface, I get DNS resolution. When I turn WANB back on again, I can resolve for a couple of seconds, then it starts failing again. I don't think it is caching, because I try to resolve new sites and it works for 10-30 seconds with newly resolved sites before starting to fail again. Then, when it starts failing, I get 4 fails in a row (2 servers configured, each with 2 different gateways).
-
Solved… Hopefully this helps someone else using MultiWAN in the future.
When I set up my DNS, I followed the instructions about setting up DNS for each gateway. I use OpenDNS and when I set this up, I set it as follows and it didn't work:
208.67.222.222 on WANA
208.67.220.220 on WANA
208.67.222.222 on WANB
208.67.222.222 on WANB
Long story short, you can't use the same DNS servers on each WAN. Behind the scenes, the system sets a static route for each DNS server using its assigned gateway.
The reason I was seeing what I was seeing was that the first two DNS routes were set, then immediately overwritten by the last two. So when I was in a state where both gateways were started and operational, my DNS was attempting to be routed over the disabled gateway. If I brought down the secondary interface, the routing for the DNS on that gateway was removed and the primary routes worked.
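As an added example (not part of this post and not pfSense's own code), the following POSIX shell check catches the configuration mistake described above before it is applied: it reads a constructed list of "server gateway" pairs and rejects any DNS server assigned to more than one gateway, since, as the post explains, pfSense installs one host route per DNS server via its assigned gateway and a server listed under two gateways has its route overwritten by the later entry. The input format, the function name `check_dns_gateways`, and the two sample lists are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread or from pfSense. It models the rule the
# post arrives at: each DNS server may be assigned to only one WAN gateway,
# because pfSense adds a host route per DNS server via that gateway and a
# second assignment of the same server simply overwrites the first route.
#
# Input (constructed): one "server gateway" pair per line.

# Returns 0 if every DNS server is assigned to exactly one gateway.
# Returns 1 and prints the offending servers (with their gateways) otherwise.
check_dns_gateways() {
    dups=$(printf '%s\n' "$1" | awk '
        NF == 2 && !(($1, $2) in seen) {
            seen[$1, $2] = 1
            n[$1]++
            gw[$1] = gw[$1] " " $2
        }
        END { for (s in n) if (n[s] > 1) print s ":" gw[s] }')
    if [ -n "$dups" ]; then
        echo "DNS servers assigned to more than one gateway (later route wins):"
        echo "$dups"
        return 1
    fi
    return 0
}

# Constructed sample modelled on the broken layout in the post: both WANs are
# given the same OpenDNS servers.
BROKEN='208.67.222.222 WANA
208.67.220.220 WANA
208.67.222.222 WANB
208.67.220.220 WANB'

# Constructed sample of a valid layout: each server belongs to one gateway.
FIXED='208.67.222.222 WANA
208.67.220.220 WANB'

check_dns_gateways "$BROKEN" || echo "broken layout rejected"
check_dns_gateways "$FIXED" && echo "fixed layout accepted"

# On the firewall itself, confirm which gateway a DNS host route actually uses
# in the FreeBSD routing table (substitute the server in question):
#   netstat -rn | grep 208.67.222.222
```

The `netstat -rn` line at the end is the on-box check that would have shown the symptom directly: the host route for each OpenDNS address pointing at the WANB gateway rather than the WANA one.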
-
Yeah that's not a valid config. I added input validation so that can't be configured.
https://redmine.pfsense.org/issues/5915
-
I ran into the same issue, but even though I had different DNS addresses I still could not connect on the secondary WAN of the failover. Disabling the DNS Resolver and enabling the DNS Forwarder solved the problem for me.