In HA CARP Setup do LAGG names need to match?
-
I've noticed that my DHCP Leases are not syncing between identical pfSense servers causing name resolution errors. (but no errors in pfsense)
Our interface names match however we use a LAGG on each firewall for LAN and a few other networks one is call LAGG0 (on the primary firewall) and one is called LAGG1 (on the secondary)
I noticed this post where @jimp mentioned interfaces need to be identical and so just wanted to check of that applies to LAGG's. Note everything else related to CARP/Sync seems to be working and DHCP Lease screen is reporting "normal/normal"
https://forum.netgate.com/topic/119034/possible-to-carp-between-sg-4860-and-a-vm
Any thoughts please let me know
Thanks
Hass
-
The leases will sync, and they are, or you wouldn't see "normal/normal".
The hostnames do not sync between HA nodes. That's a known issue.
https://redmine.pfsense.org/issues/4061
-
Thanks @jimp this is exactly what we're seeing, What would you say is the current normal work around? To only run DHCP on a pfsense single host (e.g. primary)?
-
Either that or setting up a proper separate DNS server (not hosted on pfSense) with DHCP DNS registration
-
@jimp Thanks we just moved off a standalone DNSmasq server so might go back that way. TBD!
Thanks for the quick feedback
-
@jimp said in In HA CARP Setup do LAGG names need to match?:
Either that or setting up a proper separate DNS server (not hosted on pfSense) with DHCP DNS registration
Wouldn't just using the Resolver/Forwarder via VIP work out the same? This way only the DNS instance on the master pfSense is called which should have all names in its resolver?
-
@JeGr said in In HA CARP Setup do LAGG names need to match?:
Wouldn't just using the Resolver/Forwarder via VIP work out the same? This way only the DNS instance on the master pfSense is called which should have all names in its resolver?
It won't have them all, that's the problem. Both DHCP servers are active and exchange lease info, but not hostnames. Some hostnames will be on the primary, some on the secondary; Neither have them all.
If the clients register their hostnames with a separate DNS server, that would solve the issue, or if the DHCP server is setup to register hostnames with a separate DNS server.
-
Ah thanks :) That clears it up pretty much. Never actually ran into that issue besides static mappings and that is no problem in a cluster that I'm aware of ;)
