DNS policy with Multi WAN system & diverse latencies
-
I have two WAN gateways: WAN1 is for a high latency satellite service. WAN2 is for a much lower latency cellular service. I would like to introduce a policy that would use WAN2 for DNS resolution and use WAN1 for all other internet traffic. I presently use pfSense version 2.4.5-RELEASE-p1 with Resolver in forwarding mode.
Is such a policy already effectively active with the default resolver settings, in that DNS Resolver will send out simultaneous requests on all “Outgoing Network Interfaces” and act on the first useful response that it receives, which would normally be on the low latency WAN2?
What would be the simplest and/or best way to accommodate my DNS policy?
-
@brucexling In the past I have done what you’re trying to do (if I recall right) by selecting the specific WAN-like interface I wanted queries to go through for outbound DNS queries, versus all, in the DNS Resolver settings. This would force every request to go out that interface. That should do the job. The only downside is that if that interface goes down, you’ll have no DNS resolution, but I never really had that issue.
-
I am still wondering if it would be better to just leave things at default settings, i.e. “By default all interfaces are used.” for Outgoing Network Interfaces. In that case the request goes out on all interfaces, and the first response is adopted. The time penalty for this approach I surmise would be negligible compared to singling out WAN2 for requests. A further benefit would be the effective failover to WAN1 in the event that WAN2 goes down.
-
@brucexling as far as general latency I think that should be fine. DNS lookups are pretty quick and if you’re using a forwarder as you say, the cached response from the authoritative server should be fast too. In general, if it ain’t broke, leave it the hell alone.
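The two options weighed in the thread (pin all queries to WAN2, or leave every interface enabled and let the first answer win) can be compared side by side with a small simulation. The block below is an added example, not pfSense or Unbound code and not anything the posters ran: it models each WAN as a gateway with a fixed round-trip latency (600 ms satellite, 60 ms cellular, constructed values), forwards a query either pinned to one link or raced across all links, and reports which link answered and how long it took, including the case where WAN2 is down. Whether Unbound really sends a copy of every query out of each `outgoing-interface` in parallel is the open question from the first post and is not established here; the model implements the "first response is adopted" behaviour as described in the third post so the latency and failover consequences of that assumption can be seen.

```python
import asyncio
import time
from dataclasses import dataclass


@dataclass
class Wan:
    """One WAN gateway as seen by the resolver (constructed model, not pfSense data)."""
    name: str
    latency_ms: float      # round trip to the upstream forwarder via this link
    up: bool = True        # False models a link that never answers


async def query_via(wan: Wan, qname: str):
    """Simulate forwarding one DNS query out of `wan` and waiting for the reply."""
    if not wan.up:
        await asyncio.sleep(3600)          # a dead link never answers; caller times out
    await asyncio.sleep(wan.latency_ms / 1000)
    # Constructed answer using a TEST-NET-1 address.
    return wan.name, f"{qname}. A 192.0.2.10"


async def pin_to(wan: Wan, qname: str, timeout_s: float = 2.0):
    """Option 1 from the thread: every query goes out one chosen interface."""
    try:
        return await asyncio.wait_for(query_via(wan, qname), timeout_s)
    except asyncio.TimeoutError:
        return None                        # pinned link down => no resolution at all


async def race_all(wans, qname: str, timeout_s: float = 2.0):
    """Option 2 as described in the thread: send out all interfaces, adopt the first reply."""
    tasks = [asyncio.create_task(query_via(w, qname)) for w in wans]
    winner = None
    try:
        for fut in asyncio.as_completed(tasks, timeout=timeout_s):
            winner = await fut             # first answer back wins
            break
    except asyncio.TimeoutError:
        pass                               # every link silent within the budget
    for t in tasks:
        t.cancel()                         # drop the slower/duplicate queries
    return winner


def timed(coro):
    """Run a coroutine and return (result, elapsed_ms)."""
    start = time.perf_counter()
    result = asyncio.run(coro)
    return result, (time.perf_counter() - start) * 1000


def run_scenarios():
    """Compare both policies with WAN2 up, then with WAN2 down."""
    wan1 = Wan("WAN1-satellite", latency_ms=600)
    wan2 = Wan("WAN2-cellular", latency_ms=60)
    results = {}
    results["pin_wan2_up"] = timed(pin_to(wan2, "example.com"))
    results["race_both_up"] = timed(race_all([wan1, wan2], "example.com"))
    wan2.up = False                        # cellular link goes away
    results["pin_wan2_down"] = timed(pin_to(wan2, "example.com"))
    results["race_wan2_down"] = timed(race_all([wan1, wan2], "example.com"))
    return results


if __name__ == "__main__":
    for scenario, (answer, ms) in run_scenarios().items():
        print(f"{scenario:16s} {ms:7.0f} ms  {answer}")
```

In the model, racing costs nothing in latency while WAN2 is up (the cellular reply arrives first and the satellite copy is cancelled) and degrades to the satellite round trip when WAN2 is down, whereas pinning to WAN2 returns nothing after the timeout in that case. The price of the race is a duplicate query per interface, which is what a real deployment would have to confirm Unbound actually does before relying on this reasoning.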