Multiwan failover / DNS Forwarder

  • Hello everyone,

    In advance, sorry if this has already been asked. I’ve searched the forums (and found hints!), but I still have a question regarding multiwan/loadbalancing in failover mode and the way DNS Forwarder works. My current configuration is OK and working; however, I'd like it a little more "clean".

    In the case of two WAN connections, say wan1 & wan2, the failover works perfectly when clients are using their own external DNS (OpenDNS for example). However, when DNS Forwarder is used, DNS resolution requests keep on going out through the wan1 link.

    The only workaround I found is to have a static route for one of the DNS servers (the second one in my case), so that pfSense always uses wan2 to contact the second configured DNS server. Rules do not seem to apply to DNS Forwarder, i.e. explicitly telling the wan1 interface address to use the loadbalancer gateway for DNS resolution requests.

    My question is: is there a way to tell the pfSense DNS Forwarder to use the WAN connection/gateway selected by the loadbalancer, so that all DNS requests use the WAN link chosen by the loadbalancer?

    The configuration is the following:
    • 2 OpenDNS hosts in the general configuration page for DNS resolution
    • Empty fields in the DNS configuration of the DHCP server (or the same 2 OpenDNS hosts, to not use DNS Forwarder and let the clients do it)
    • The static route to use the wan2 connection to reach dns2

    Hint: when a WAN connection is down, the Ethernet interface of pfSense does not go down. Ethernet links are always up to the CE.

    Thanks for the help! (I hope this explanation is clear enough!)

  • Without doing a howstuffworks article :) I can say if you need a static route for wan2 to dns2 you will also need a static route for wan1 to dns1.

  • Indeed ;)
    The default route for pfSense itself is wan1, so it's not explicitly needed.

  • I'm having an issue with my multi-WAN setup here. When my main internet connection goes down, the router can no longer connect to the DNS servers, either the ones gotten from WAN or the ones set in the general settings to forward to the clients. I believe it still tries to get DNS info through the WAN. I could set my DHCP server to give the clients a DNS server directly (like OpenDNS or whatever), but then OpenDNS will be asked to resolve names for printers and servers within the network that the router normally takes care of with "Register DHCP leases in DNS forwarder". Of course, as far as I've seen, pfSense doesn't even bother looking for the DNS servers on the secondary connection. How is it that you set up a static route for DNS on the secondary connection, and how did you get pfSense to actually use it for DNS forwarding purposes?
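To make the routing behaviour behind the first post's workaround (and the last post's question) concrete, here is an added example that is not part of this thread: it models the firewall's own routing table with longest-prefix matching and shows which upstream DNS server the forwarder can still reach when a WAN gateway fails. All addresses are constructed for the example; the per-server /32 static route is the only mechanism it demonstrates.

```python
import ipaddress

# Constructed example values (assumptions for this example, not addresses
# from the thread): two WAN gateways and two upstream DNS servers.
WAN1_GW = "203.0.113.1"
WAN2_GW = "198.51.100.1"
DNS1 = "192.0.2.53"
DNS2 = "192.0.2.54"


def lookup_gateway(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; returns the
    gateway the firewall itself would use to reach dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def reachable_dns(routes, dns_servers, down_gateways):
    """DNS servers the forwarder can still reach when the given gateways
    are down. Forwarder traffic originates on the firewall, so policy
    rules on LAN do not apply; only the routing table decides."""
    return [d for d in dns_servers if lookup_gateway(routes, d) not in down_gateways]


# Table 1: only the default route, i.e. everything the firewall sends
# itself (including forwarder queries) leaves via wan1.
DEFAULT_ONLY = [("0.0.0.0/0", WAN1_GW)]

# Table 2: the workaround from the thread, a /32 static route pinning
# dns2 to the wan2 gateway. dns1 still follows the default via wan1.
WITH_STATIC = DEFAULT_ONLY + [(DNS2 + "/32", WAN2_GW)]

if __name__ == "__main__":
    for name, table in (("default only", DEFAULT_ONLY), ("with static", WITH_STATIC)):
        paths = {d: lookup_gateway(table, d) for d in (DNS1, DNS2)}
        print(name, paths,
              "wan1 down ->", reachable_dns(table, [DNS1, DNS2], {WAN1_GW}),
              "wan2 down ->", reachable_dns(table, [DNS1, DNS2], {WAN2_GW}))
```

With the default route alone, a wan1 outage leaves the forwarder with no reachable upstream; with the /32 route, dns2 survives a wan1 failure and dns1 survives a wan2 failure, which is the split the second reply describes.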
