DNS bug in Multi-Wan 2.3.1_5

  • Primary connection is Comcast.  Secondary is ATT

    When failing over to ATT all mac computers with the gateway as its DNS are unable to resolve.  They can ping internet IP's but no resolution.

    IF the DNS is set on the machine directly there is no problem at all. is being used in both scenarios.

  • Did you specify the gateways on your DNS servers in 'system/general'? Making sure one or more has the ATT gateway specified…

  • So Dns forwarder in system general should be the gateway ip and not an actual Dns server?

  • See attached.  When  switching to AT&T no one is able to resolve.    When the land gateway is used as the DNS.  I have tried switching the DNS for AT&T to Google DNS and several others but with no resolve

  • Looks ok, but I'd switch so you had comcast/att/comcast/att. I forget if they go in order or query in parallel. If you are running DNS on the firewall, I'd hand out the gateway IP, but you could try handing out google DNS via DHCP.

  • Problem is we have domain coming in to the picture.  I will try.  Thanks

  • The more I look at this it seems like a bug as i have followed the documentation.

  • If you have a domain, then it's easy- serve dhcp and dns from the AD controllers. I don't think it's a bug though, I've done failover using the firewall for dns and dhcp. As long as I have one dns server going out each wan, the clients can resolve when the primary line is down.

  • not alway an option as some are remote offices with no DC so I use local dns and DNS forwarder for the domain

  • i have tried every possible scenario.  This looks like a bug.  I have 2 DNS configured on each gateway yet still unable to resolve when switching to backup connection.  if same DNS is hard coded into PC not to use the gateway for DNS resolution then machines are able to resolve.  Using gateway as DNS does not work on failover gateway.  Even the pfSense firewall is unable to resolve when switched to ATT.  Client machines are able to resolve when or are manually entered but those DNS on the ATT interface DNS under general are not.

  • Disabled DNS Resolver and enabled DNS Forwarder.  Not sure if there is a special requirement with DNS Resolver but it was preventing the secondary connection from resolving and I have not seen any documentation requiring special modification to DNS Resolver settings.

  • Rebel Alliance Developer Netgate

    By default, the DNS Resolver talks directly to the roots and can only do so over the default gateway. With the DNS Resolver you need to make adjustments for Multi-WAN, one of two scenarios:

    • Activate Default Gateway Switching (System > Advanced, Miscellaneous tab)


    • Enable Forwarding mode in DNS Resolver so it respects the DNS servers under System > General
    • Disable DNSSEC unless you know for certain the forwarding DNS servers support DNSSEC

    The second scenario causes it to behave similar to the DNS Forwarder.

  • Awesome. Thanks for the clarification, I was having the exact same problem, until I looked at the documents

    Forwarding mode is necessary for Multi-WAN configurations unless default gateway switching is enabled.

Log in to reply