Netgate Discussion Forum

    DNS Failure with Multi WAN

      Volvodemort

      The initial pfSense configuration was a single fibre WAN based on DHCP with a primary DNS server at 202.142.142.142. The LAN interfaces were all /24 networks with IPv4 addresses of 10.0.0.1, 10.010.1, 10.10.0.20.1 and 10.0.100.1. These are also the gateway and DNS server addresses for client PCs. This all worked as expected.

      A 4G mobile modem was added to provide failover internet access, i.e. a Multi WAN configuration. A Group was created to establish the interface Tiers. On failover to the 4G mobile service the client PCs cannot resolve addresses. The documentation for Multiple WAN Connections, Interface and DNS Configuration:
      DNS Forwarding and Static Routes
      When using the DNS Resolver in forwarding mode or the DNS Forwarder, the firewall uses its routing table to reach the configured DNS servers. This means without any static routes configured, it will only use the WAN with the default gateway to reach DNS servers.
      Gateways must be selected for each DNS server defined on the firewall. This forces the firewall to use a specific WAN interface to reach a given DNS server. At least one gateway from each WAN should be selected where possible.

      The DNS server on the fibre service can be configured in pfSense but the DNS server on the 4G service cannot be configured. Turns out the DNS server IP address is in the 10.107.3.0 subnet.
      The following input errors were detected:
      A gateway cannot be specified for 10.107.3.1 because that IP address is part of a directly connected subnet 10.107.3.0/24. To use that nameserver, change its Gateway to none.

      Catch is the primary gateway is the default route, while the 4G DNS server that can't be configured will default to the default route of the down interface.

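The following is an added example, not part of the original post and not pfSense code: a small Python model of the rule in the quoted documentation and error message, showing which WAN each DNS server is reached through and which servers remain usable when a WAN is down. It assumes ordinary routing-table behaviour (a directly connected subnet is preferred over the default route); the gateway names `WAN_FIBRE` and `WAN_4G` and both WAN interface addresses are constructed, while 202.142.142.142, 10.107.3.1 and 10.107.3.0/24 come from the post.

```python
import ipaddress

# Constructed topology: interface addresses and WAN names are assumptions.
# Only the 10.107.3.0/24 subnet on the 4G side is taken from the post.
WANS = {
    "WAN_FIBRE": ipaddress.ip_interface("203.0.113.10/24"),
    "WAN_4G": ipaddress.ip_interface("10.107.3.2/24"),
}
DEFAULT_WAN = "WAN_FIBRE"  # WAN holding the default route


def on_link_wan(server, wans=WANS):
    """Return the WAN whose directly connected subnet contains server, else None."""
    ip = ipaddress.ip_address(server)
    for name, iface in wans.items():
        if ip in iface.network:
            return name
    return None


def egress_wan(server, gateway_wan, wans=WANS, default_wan=DEFAULT_WAN):
    """Return the WAN a query to server leaves through.

    gateway_wan is the gateway selected for that DNS server, or None.
    Raises ValueError for the combination the error message rejects.
    """
    direct = on_link_wan(server, wans)
    if direct is not None:
        if gateway_wan is not None:
            raise ValueError(
                f"gateway cannot be specified for {server}: "
                f"directly connected subnet {wans[direct].network}"
            )
        return direct  # connected route, no static route needed
    # Off-link server: static host route if a gateway is set, else default route.
    return gateway_wan or default_wan


def usable_servers(dns_config, down_wans=()):
    """dns_config maps server -> gateway WAN or None; return servers whose WAN is up."""
    return sorted(s for s, gw in dns_config.items()
                  if egress_wan(s, gw) not in down_wans)


if __name__ == "__main__":
    config = {"202.142.142.142": "WAN_FIBRE", "10.107.3.1": None}
    for server, gw in config.items():
        print(server, "->", egress_wan(server, gw))
    print("fibre down:", usable_servers(config, down_wans={"WAN_FIBRE"}))
```
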
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.