5. "It queries every configured DNS server simultaneously[…]"

"It queries every configured DNS server simultaneously[…]"

  • V

    Hi.

    Is there a way of forcing pfSense to only use DNS servers configured for a specific WAN/OPT2/OPT3 that is being used in a WAN failover group?
    As it works today it sends DNS requests on all WAN links(inluding a 3G connection, OPT3) even though primary WAN is up.

    DNS 1.1.1.1 is used for WAN.
    DNS 2.2.2.2 is used for WAN.
    DNS 3.3.3.3 is used for OPT2.
    DNS 4.4.4.4 is used for OPT3.

    An example of how the DNS servers would be used:

    WAN is up, DNS 1.1.1.1 or 2.2.2.2 are used.
    WAN is down, DNS 3.3.3.3 is used.
    WAN AND OPT2 are down, DNS 4.4.4.4 is used.

    I have tried using the option "Allow DNS server list to be overridden by DHCP/PPP on WAN", but at one point after a complete fail-back(to WAN) from a fail-over
    i stil only showed up DNS servers from the slowest 3G connection(the last+slowest fail-over WAN) on the status page.

    The queries do not contain much data but it feels like a waste of 3G resource(any money) when quering something that is slower than WAN
    even though WAN is up.

    0
  • S

    check that :
    http://redmine.pfsense.org/issues/1408

    it might be related to your issue.

    0
  • V

    After some reading it sounds that this is the normal behavior of dnsclient, to query every assigned DNS server :P.

    An approach could maybe be as follows:

    Is there a failover group configured(could be a checkbox and/or autosense)?
    If no, then use normal behaviour.

    If yes:
      Only query servers manually configured for this active interface or only query servers automatically configured through DHCP assigned from this active interface.

    0
  • Rebel Alliance Developer Netgate

    That would take quite a bit of extra logic (prone to extra breakage!) to pull off, if it's even possible.

    Most people have always-on WANs so it's beneficial to query them all at once. 3G is the obvious exception to that, and I think someone already has a feature/todo ticket open for 2.1 so we can have a more sensible dial-on-demand mode for 3G WANs since not just DNS but the connection monitoring traffic can add up over some time. People without unlimited data plans might be surprised at the usage.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy