Netgate Discussion Forum

    TinyDNS load balance option not working…?

    pfSense Packages
      Itwerx

      We have redundant load balanced WAN links with a pair of pfSense servers set up with CARP.  Everything is working great and we decided to host our own DNS for some domains.  The obvious choice here is to use pfSense again!  :)
        We're a little paranoid though, so we'd rather not run DNS on the actual firewalls.
        pfDNS appears to be in a state of flux, and we do have some VMware hosts in our DMZ, so we simply downloaded the VMware image of 1.2.2 and added the TinyDNS package.
        Basic testing shows everything is just peachy - TinyDNS works great, serves up whatever records we enter.
        But when we add an alternate IP to an A record and check the option for load balancing, TinyDNS seems to completely ignore the option and will only hand out the primary IP (though it will still fail over properly to the alternate if it has something to check and decides the primary is no good).
        The easy answer of course is to just add another A record with the primary and alternate swapped, and let it do round-robin (RR), but if one of our connections goes down it will then hand back a duplicate response with the same IP.  Not the end of the world, but I'm sure there's some badly coded app out there that will freak out in that scenario, so I'm trying to get RR to work using the alternate IPs on a single A record.
        Hesitating to file a bug report in case I'm just missing and/or misinterpreting something obvious - has anybody else run into this…?

        Itwerx

        This may be a non-issue.  The following command issued in a failover scenario with RR:
              dig @ns.domain.com A www.domain.com
        …produces the duplicate entry response described above.
        But a simple:
              dig A www.domain.com
        ...returns just the one record.  Apparently just a feature/bug of dig.
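
Added example, not part of the original posts: a small shell check for the duplicate-record condition described in this thread, comparing an answer taken directly from the authoritative server with one taken through a resolver. The two sample answers and the 192.0.2.10 address are constructed placeholders, and `dup_rrs` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample: answer section as seen when querying the authoritative
# server directly during failover (both A records carry the same address).
AUTH_ANSWER='www.domain.com. 300 IN A 192.0.2.10
www.domain.com. 300 IN A 192.0.2.10'

# Constructed sample: the same name queried through a recursive resolver.
RESOLVER_ANSWER='www.domain.com. 287 IN A 192.0.2.10'

# dup_rrs (hypothetical helper): read dig answer lines on stdin and print
# "<count> <name> <class> <type> <rdata>" for every record that occurs more
# than once. TTL is left out of the comparison key on purpose.
dup_rrs() {
    awk '
        /^;/ || NF < 5 { next }            # skip dig comments and blank lines
        {
            rdata = $5
            for (i = 6; i <= NF; i++) rdata = rdata " " $i
            key = tolower($1) " " $3 " " $4 " " rdata
            seen[key]++
        }
        END { for (k in seen) if (seen[k] > 1) print seen[k], k }
    ' | sort
}

# Demo on the constructed samples: the first prints one line, the second none.
printf '%s\n' "$AUTH_ANSWER" | dup_rrs
printf '%s\n' "$RESOLVER_ANSWER" | dup_rrs
```

Against a live server the input would come from `dig +noall +answer @ns.domain.com A www.domain.com | dup_rrs`, run once with and once without the `@ns.domain.com` argument.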
