Netgate Discussion Forum

    Dns failover

    DHCP and DNS
    • sai

      I have 2 WANs running and a mail server. Users need to access the mail server through the WAN using http or https://mail.domain.com/
      mail.domain.com translates to one of the real IP addresses I get from one of the ISPs.

      If that ISP is down, I would like the users to automatically get through to the other ISP.

      www.dnsmadeeasy.com and www.netriplex.com offer this kind of outsourced service. Is it possible to do this in-house using pfSense?

      • dotdash

        I just give the users a secondary record to try, but the DNS server package offers this functionality. If you want a dedicated DNS server, you could try pfDNS…

        • sai

          I can't get to my pfSense for the next few days, so I was looking for docs or forum postings about how to get it to work.

          • dotdash

            I haven't played with the package in a long time, but I plan on getting up to speed on pfDNS. IIRC, the failover stuff is pretty straightforward: you fill in a box for the failover IP and monitor IP. If you want to do this on the firewall, you would want to publish an NS record for your primary and secondary WANs. I think the problem with ANY failover DNS implementation is the downstream caching. IMO, this makes failover DNS records of questionable value for shorter outages. Besides laziness, that's why I just tell users to try webmail2.company.com if they can't get in at webmail.company.com. If the outage was prolonged, I could just update the record manually anyway.

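Added example, not part of the thread and not the pfSense DNS server package's own logic: a small Python model of the downstream-caching point raised in the last post, showing how many caching resolvers a monitor-IP failover actually helps for a given record TTL and outage length. The probe interval, failure threshold, TTLs and outage durations are constructed values, and the model assumes resolvers honor the TTL exactly and that their cache ages are spread evenly.

```python
import math

def switch_time(probe_interval, fail_threshold):
    """Worst-case seconds from outage start until the A record is swapped
    to the failover IP (monitor must fail `fail_threshold` probes in a row)."""
    return probe_interval * fail_threshold

def refresh_after_switch(ttl, age, switch_at):
    """Seconds after outage start at which a resolver first fetches the
    failover IP. `age` is how old its cached primary record was when the
    outage began. Expiries before the switch just re-cache the dead IP."""
    first_expiry = ttl - age
    if first_expiry >= switch_at:
        return first_expiry
    extra_cycles = math.ceil((switch_at - first_expiry) / ttl)
    return first_expiry + extra_cycles * ttl

def client_downtime(ttl, age, switch_at, outage):
    """Downtime seen behind one resolver: ends at the cache refresh or when
    the primary WAN comes back, whichever is first."""
    return min(outage, refresh_after_switch(ttl, age, switch_at))

def fraction_helped(ttl, switch_at, outage):
    """Share of resolvers (cache ages 0..ttl-1) that receive the failover
    IP before the outage is already over."""
    helped = sum(1 for age in range(ttl)
                 if refresh_after_switch(ttl, age, switch_at) < outage)
    return helped / ttl

def mean_downtime(ttl, switch_at, outage):
    """Average client downtime across evenly spread cache ages."""
    return sum(client_downtime(ttl, a, switch_at, outage)
               for a in range(ttl)) / ttl

if __name__ == "__main__":
    # Constructed scenario: probe every 10 s, 3 failures to declare down.
    switch_at = switch_time(10, 3)
    for outage in (120, 3600):          # 2-minute blip vs. 1-hour outage
        for ttl in (30, 300, 3600):     # record TTL in seconds
            print(f"outage={outage:>4}s ttl={ttl:>4}s "
                  f"helped={fraction_helped(ttl, switch_at, outage):.0%} "
                  f"mean_down={mean_downtime(ttl, switch_at, outage):.0f}s")
```

Under these assumptions a 300-second TTL helps only 30% of resolvers during a 2-minute outage, which is the "questionable value for shorter outages" trade-off described above; a very short TTL improves that at the cost of more query load on the authoritative server.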