Multi-WAN DNS failover
-
[First of all I want to be clear that this may be an issue with me not with pf but I can't test it until get another failure!]
I have a standard multi-wan setup with multiple dns servers, set up on different gateway groups. As such, these should fail over as the gateway groups fail over.
However, I was running a site recently with two WANs and a PFSense box on each (with no CARP etc), with each PF being able to fail over to the other WAN if need be. And indeed, one of the WAN links failed. IP connections through the affected PFSense seemed to work fine but DNS didnt. I know the other backup WAN link and the other PFSense sense box were unaffected as I did a dig @ the other pfsense and it worked fine.
So on the face of it the DNS didnt fail over. However, I can't replicate this again easily so before I do a load of testing, is anyone else having a problem with it?
Thanks
–Chris
-
Did you reboot the pfSense box after assigning gateways to the DNS servers? It uses static routes to force connections to each DNS server through a particular gateway and I've found that these don't get set properly until you reboot.
-
Interesting, no. So do you think that it won't fail over either, or just that it doesn't get set to the right failover gateway group until a reboot, and after that it fails over fine?
It would certainly make sense
-
If you have gateways set for your DNS, it sets the static routes. The way I've found the most success with is setting a floating output rule for your WAN interfaces with your failover group as the gateway.