Multi WAN with Failover DNS issue
-
I have a problem with my Multi WAN setup: every time one of my connections goes down, clients lose their internet access.
At first I thought it was some misconfiguration with the failover, but I found out that it was a DNS issue: clients fail to resolve DNS whenever one of the internet lines is down.
When I manually put in other DNS providers (Google/OpenDNS) it works fine.
Using pfSense's DNS forwarder.
-
System>General Setup, you have to have at least one DNS server set to each WAN.
-
Yup, already have: WAN1 = OpenDNS, WAN2 = Google DNS
-
up
-
Diag>DNS Lookup, try to lookup google.com or something. What do you get?
-
@cmb:
System>General Setup, you have to have at least one DNS server set to each WAN.
Is this still always true? Recently I've been leaving that section completely blank (for Unbound) and just letting the Resolver do its thing. In a multi-WAN setup, as long as you have GW switching enabled, the outbound port 53 traffic should fail over to a working connection.
Is this "wrong"?
My main reason for leaving General DNS blank was that pfSense was passing the DNS servers listed there to LAN DHCP clients in addition to its LAN IP – which I didn't want, I wanted LAN DNS to always be resolved by pfSense/Unbound.
-
@cmb:
System>General Setup, you have to have at least one DNS server set to each WAN.
Is this still always true? Recently I've been leaving that section completely blank (for Unbound) and just letting the Resolver do its thing. In a multi-WAN setup, as long as you have GW switching enabled, the outbound port 53 traffic should fail over to a working connection.
Is this "wrong"?
That's fine for resolver where it's not in forwarding mode.
My main reason for leaving General DNS blank was that pfSense was passing the DNS servers listed there to LAN DHCP clients in addition to its LAN IP – which I didn't want, I wanted LAN DNS to always be resolved by pfSense/Unbound.
If you leave the DNS servers blank in the DHCP server config, only the LAN IP will be assigned to clients via DHCP for DNS. If you disable DNS Forwarder and Resolver, then it assigns the DNS servers on General Setup to clients.
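The rules in this exchange (one DNS server per WAN in forwarding mode, gateway switching for a pure resolver, what DHCP hands to clients) as an added Python checker; this is not pfSense code, and the config model, gateway names and addresses are constructed for the example:

```python
# Added example (not pfSense code): models the thread's multi-WAN DNS rules so a
# config can be checked for the failure mode the original poster hit.
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

@dataclass(frozen=True)
class DnsServer:
    address: str
    gateway: Optional[str]  # WAN gateway bound in System > General Setup (None = default route)

@dataclass
class PfConfig:                     # hypothetical model of the relevant GUI settings
    wan_gateways: List[str]         # gateways defined for each WAN
    dns_servers: List[DnsServer]    # System > General Setup DNS servers
    mode: str                       # "forwarder", "resolver", "resolver_forwarding" or "none"
    dhcp_dns: List[str]             # DNS servers typed into the DHCP server page (may be empty)
    lan_ip: str = "192.168.1.1"     # constructed LAN address

def gateways_without_dns(cfg: PfConfig) -> List[str]:
    """cmb's rule: in forwarding mode every WAN needs at least one bound DNS server.
    A pure resolver needs none, because gateway switching moves outbound port 53."""
    if cfg.mode not in ("forwarder", "resolver_forwarding"):
        return []
    bound = {s.gateway for s in cfg.dns_servers}
    return [gw for gw in cfg.wan_gateways if gw not in bound]

def usable_upstreams(cfg: PfConfig, gateway_up: Dict[str, bool]) -> List[str]:
    """Upstreams a forwarder can still reach during an outage: a server bound to a
    down gateway is treated as unreachable, an unbound one follows the default route."""
    return [s.address for s in cfg.dns_servers
            if s.gateway is None or gateway_up.get(s.gateway, False)]

def dhcp_dns_handed_out(cfg: PfConfig) -> List[str]:
    """What LAN DHCP clients receive, per the reply above."""
    if cfg.dhcp_dns:
        return list(cfg.dhcp_dns)          # explicit DHCP override wins
    if cfg.mode != "none":
        return [cfg.lan_ip]                # Forwarder or Resolver running: LAN IP only
    return [s.address for s in cfg.dns_servers]   # neither running: General Setup list

# Constructed config resembling the poster's: OpenDNS via WAN1, Google DNS via WAN2.
OP_CONFIG = PfConfig(
    wan_gateways=["WAN1_GW", "WAN2_GW"],
    dns_servers=[DnsServer("208.67.222.222", "WAN1_GW"), DnsServer("8.8.8.8", "WAN2_GW")],
    mode="forwarder",
    dhcp_dns=[],
)
# Misconfigured variant: both servers bound to WAN1, so WAN2 has no DNS server.
BAD_CONFIG = replace(OP_CONFIG, dns_servers=[DnsServer("208.67.222.222", "WAN1_GW"),
                                             DnsServer("8.8.8.8", "WAN1_GW")])

if __name__ == "__main__":
    print("WANs lacking DNS:", gateways_without_dns(BAD_CONFIG))
    print("upstreams with WAN1 down:", usable_upstreams(OP_CONFIG, {"WAN1_GW": False, "WAN2_GW": True}))
    print("DHCP hands clients:", dhcp_dns_handed_out(OP_CONFIG))
```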
-
Cool thanks. That's what I thought. How about the "Outgoing Network Interfaces" setting for Unbound … what's the current best practice on that? I notice it defaults to "All" but I usually change it to "LAN + Localhost" otherwise DNS queries forwarded over IPSEC tunnels do not function. Seems to work well enough but I don't know if that's something I should be doing differently?