Using CARP primary AND backup for DNS?
-
The CARP documentation says to use the CARP IP for the DNS server in the DHCP settings: https://docs.netgate.com/pfsense/en/latest/highavailability/configuring-high-availability.html#set-dhcp-server-to-use-carp-lan-ip-address
I am curious, what is the reason for this (as opposed to listing both of the non-CARP IPs for the primary and failover as DNS servers)? Wouldn't having both servers listed lead to marginally better behavior during a failover event, as well as help keep the cache primed on the backup?
In any case, is there a reason NOT to list both IPs explicitly?
-
I've thought about this also. If both are listed then if one router is down, then Linux at least will go in order, so maybe using the CARP IP would prevent that (2s?) delay? In our data center we set the backup router as the primary DNS.
-
Timeouts. If both are listed and the primary is down, clients which do not perform parallel queries will be forced to wait 45 seconds for each DNS query to timeout before they ask the second server.
Just use the CARP VIP, there is nothing but pain and sadness to be gained by using both individually.
-
Understood, thank you for the quick and thoughtful explanation!
-
In other words:
- Using the CARP VIP you get guaranteed failover and consistent behavior across all client platforms.
- Using both you are completely reliant upon the client to behave in specific ways, which only gets worse on networks with many different types of clients.
