Dns failover

  • I have 2 WANs running and a mailserver. Users need to access the mailserver through the WAN using http or https://mail.domain.com/
    mail.domain.com translates to one of the real IP addresses I get from one of the ISPs.

    If that ISP is down I would like the users to automatically get through to the other ISP.

    www.dnsmadeeasy.com, www.netriplex.com offer this kind of outsourced service. Is it possible to do this inhouse using pfSense?

  • I just give the users a secondary record to try, but the DNS server package offers this functionality. If you want a dedicated DNS server, you could try pfDNS…

  • I can't get to my pfSense for the next few days so I was looking for docs or forum postings about how to get it to work.

  • I haven't played with the package in a long time, but I plan on getting up to speed on pfDNS. IIRC, the failover stuff is pretty straightforward: you fill in a box for the failover IP and monitor IP. If you want to do this on the firewall, you would want to publish an NS record for your primary and secondary WANs. I think the problem with ANY failover DNS implementation is the downstream caching. IMO, this makes failover DNS records of questionable value for shorter outages. Besides laziness, that's why I just tell users to try webmail2.company.com if they can't get in at webmail.company.com. If the outage was prolonged, I could just update the record manually anyway.
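The caching problem raised in the last reply, worked through as an added toy model (not pfDNS or pfSense code): a monitor-driven authoritative zone switches the answer for mail.domain.com to the failover IP as soon as the primary WAN is down, but a downstream resolver keeps serving whatever it cached until the TTL expires. All IPs, TTLs and timings are constructed sample values.

```python
"""Toy model of monitor-based DNS failover behind a caching resolver.

Added illustration for the thread above, not pfDNS or pfSense code. The
IPs and TTLs below are constructed sample values, not real infrastructure.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

PRIMARY_IP = "203.0.113.10"     # constructed: address on WAN 1 (monitored)
FAILOVER_IP = "198.51.100.20"   # constructed: address on WAN 2


@dataclass
class FailoverZone:
    """Authoritative source for mail.domain.com; the monitor picks the answer."""
    ttl: int                 # seconds a downstream resolver may cache the answer
    primary_up: bool = True  # latest probe result for the monitor IP on WAN 1

    def answer(self) -> Tuple[str, int]:
        return (PRIMARY_IP if self.primary_up else FAILOVER_IP), self.ttl


@dataclass
class CachingResolver:
    """Downstream resolver that re-queries only once its cached TTL has expired."""
    zone: FailoverZone
    cached: Optional[Tuple[str, int]] = None  # (ip, absolute expiry time)

    def resolve(self, now: int) -> str:
        if self.cached is None or now >= self.cached[1]:
            ip, ttl = self.zone.answer()
            self.cached = (ip, now + ttl)
        return self.cached[0]


def seconds_of_dead_answers(ttl: int, cached_at: int,
                            outage_start: int, outage_end: int) -> int:
    """Count outage seconds during which a resolver that last refreshed at
    `cached_at` still hands its clients the unreachable primary IP."""
    zone = FailoverZone(ttl=ttl)
    resolver = CachingResolver(zone)
    dead = 0
    for now in range(cached_at, outage_end):
        zone.primary_up = not (outage_start <= now < outage_end)  # monitor view
        ip = resolver.resolve(now)
        if now >= outage_start and ip == PRIMARY_IP:
            dead += 1
    return dead


if __name__ == "__main__":
    # A two-minute outage (t=100..220) seen by a resolver that cached at t=99.
    print(seconds_of_dead_answers(ttl=300, cached_at=99, outage_start=100, outage_end=220))  # 120
    print(seconds_of_dead_answers(ttl=60, cached_at=99, outage_start=100, outage_end=220))   # 59
```

With a 300-second TTL the whole two-minute outage is served with the dead address, which is the "questionable value for shorter outages" point; only a TTL shorter than the outage buys any failover at all, and even then the first TTL's worth of clients are stuck.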
