Multi-WAN - DNS issues
-
Has anyone else ever had this issue:
I have a PFSENSE 1.2.1 RC1 setup with 2 connections.
WAN - is a cable modem doing DHCP
WAN2 (aka OPT1) - is DSL doing DHCP with modem in half bridge mode. I have 3 pools:
Loadbalance - the obvious 2 connections pooled together for round robin.
failover1 - CABLE failing over to DSL
failover2 - DSL failing over to Cable
This is the usual setup seen in all of the tutorials.
I have patched for the dnsmasq issue.
Here's what is going on.
First, loadbalance confirms as working, HOWEVER, if the connection goes out of WAN during a speedtest it gives WAN's speed like it's supposed to. But if the connection goes out of OPT1 of the loadbalance it actually speedtests BOTH connections at the same time giving a 12MB download speed (6 + 6). This is odd behavior and I know it's not supposed to do this. It only does this when doing a speedtest. Never has it done it downloading a file.
Second, if cable (WAN) fails then DNS will not go out of the DSL (OPT1) connection. So far the only way I found around this is to put an external DNS server in the DHCP lease for each client so if the router doing DNS Forwarding fails it can resolve straight from the Internet.
I have built many pfSenses and played with Multi-WAN many times before this; I have never had these problems before. I kinda wondered if the original dnsmasq was configured or written for multi-WAN connections, and fixing it broke the above-mentioned issues.
Any thoughts?
-
First, loadbalance confirms as working, HOWEVER, if the connection goes out of WAN during a speedtest it gives WAN's speed like it's supposed to. But if the connection goes out of OPT1 of the loadbalance it actually speedtests BOTH connections at the same time giving a 12MB download speed (6 + 6). This is odd behavior and I know it's not supposed to do this. It only does this when doing a speedtest. Never has it done it downloading a file.
Did also see that with those Ookla speedtests some time ago, just thought of it as they did an update that made use of the loadbalancing pool.
Second, if cable (WAN) fails then DNS will not go out of the DSL (OPT1) connection. So far the only way I found around this is to put an external DNS server in the DHCP lease for each client so if the router doing DNS Forwarding fails it can resolve straight from the Internet.
You're probably missing a static route to your DNS server. You could use OpenDNS and add a static route for each DNS server.
As I understand it, using OpenDNS also eliminates the DNS security problem, dnsmasq patch or not.
-
I am using OpenDNS servers,
and "Allow DNS server list to be overridden by DHCP/PPP on WAN" is unchecked. As far as routes: back in the 1.0 and 1.1 days I never had to add any routes for DNS on multi-WAN. Wouldn't all DNS requests go out of the static routes? So if you route OpenDNS out the DSL gateway, all DNS connections would try to go out that route?
Or would you route 208.67.222.222 out one connection and 208.67.220.220 out of the other?
-
As far as routes: back in the 1.0 and 1.1 days I never had to add any routes for DNS on multi-WAN. Wouldn't all DNS requests go out of the static routes? So if you route OpenDNS out the DSL gateway, all DNS connections would try to go out that route?
You might have used your ISP DNS servers as monitor IPs before, as for a monitor IP a route is auto-created.
Or would you route 208.67.222.222 out one connection and 208.67.220.220 out of the other?
Yes, that's what I've done.
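Perry's answer above comes down to a routing-table question: with only a default route, every resolver leaves through whichever WAN currently holds the default, so when that WAN dies the forwarder has no path to any resolver. Pinning each OpenDNS address to a different WAN with a /32 host route gives the forwarder one resolver per link. The following Python check is an added example, not code from the thread or from pfSense; it models the kernel's longest-prefix-match lookup over a constructed routing table (gateways are RFC 5737 documentation addresses, the interface names WAN/OPT1/LAN are the thread's own) and reports which resolvers survive when a given interface is down.

```python
import ipaddress

# The two OpenDNS resolvers named in the thread.
OPENDNS = ["208.67.222.222", "208.67.220.220"]

# Constructed sample routing table (not taken from the thread or a real box).
# The two /32 host routes are the per-resolver static routes Perry describes,
# each pinned to a different WAN gateway.
PINNED_ROUTES = [
    # (destination, gateway, interface)
    ("0.0.0.0/0", "203.0.113.1", "WAN"),            # default route via cable
    ("192.0.2.0/24", "link#1", "LAN"),              # directly attached LAN
    ("208.67.222.222/32", "203.0.113.1", "WAN"),    # resolver 1 pinned to cable
    ("208.67.220.220/32", "198.51.100.1", "OPT1"),  # resolver 2 pinned to DSL
]

# The same table without the host routes: everything follows the default.
DEFAULT_ONLY = [r for r in PINNED_ROUTES if not r[0].endswith("/32")]


def lookup(routes, dst):
    """Longest-prefix match; returns (gateway, interface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        network = ipaddress.ip_network(net, strict=False)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, iface)
    return None if best is None else (best[1], best[2])


def dns_egress(routes, resolvers):
    """Map each resolver to the next hop the table would use for it."""
    return {r: lookup(routes, r) for r in resolvers}


def dns_interfaces(routes, resolvers):
    """Set of interfaces that carry DNS traffic; a single entry is a single point of failure."""
    return {hop[1] for hop in dns_egress(routes, resolvers).values() if hop}


def reachable_resolvers(routes, resolvers, up_interfaces):
    """Resolvers whose egress interface is still up (static routes do not move on failover)."""
    return [r for r, hop in dns_egress(routes, resolvers).items()
            if hop and hop[1] in up_interfaces]


if __name__ == "__main__":
    for label, table in (("default only", DEFAULT_ONLY), ("pinned /32s", PINNED_ROUTES)):
        print(f"{label}: DNS leaves via {sorted(dns_interfaces(table, OPENDNS))}")
        for down in ("WAN", "OPT1"):
            up = {"WAN", "OPT1"} - {down}
            print(f"  {down} down -> usable resolvers: {reachable_resolvers(table, OPENDNS, up)}")
```

Two caveats the check makes visible: a static host route is a fixed pin, so when its WAN is down that resolver is simply lost, which is why both resolvers must be configured so the other one remains; and this models only the kernel routing table, not policy routing applied by firewall rules (the distinction cheesyboofs asks about later in the thread), so a rule that sends LAN DNS into a gateway pool is not reflected here.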
-
As a personal general rule I always try to use the next hop (ISP gateways) as the monitor IP just because DNS servers can go down, maintenance can occur, main backbones to the eastern or western parts of the US can go down. I have seen it all happen on occasion. I will try static routes for each OpenDNS IP on one outbound connection each and see if that solves the issue.
Thanks for your input. (I really do appreciate it, I hate when messages go unanswered :) )
-
Hi slickbackwood,
Did setting static routes fix your problem, as I have the very same setup as you?
@Perry, by static routes, do you mean 'static routes' or do you mean Firewall --> Rules?
Please can you explain why not using your ISP DNS servers and using OpenDNS should break failover? I am assuming it's because the hard-set setting in System --> General only applies to the default WAN interface.
Cheers
-
Sorry cheesyboofs that I missed your post.
I do mean static routes. OpenDNS adds a nice set of functions preventing access to bad sites.
-
I have a question here, as I am also having the same problem,
but my DNS server is set inside my local LAN.
pfSense can resolve my domain name, but if I browse to my domain name from outside I cannot find my website.
Including receiving mail from other mail servers, it seems it cannot find the domain. This is my configuration diagram:
LAN -> PROXY + DNS + EMAIL -> pfSense -> WAN 1 Public IP
                                      -> WAN 2 Public IP
Can anyone help on this?
Thanks in advance