Multi Wan and DNS Forwarder/NTP fails when Wan drops



  • I have two wan connections that fail over within a gateway group.  I have a DNS server identified for each interface, one for Wan1 using the gateway for Wan1 and another setup for Wan2.

    When Wan1 fails, network traffic flows through Wan2 as it should.  However the DNS forwarder doesn't get any DNS entries.  If a client uses the pfsense box for DNS, then it can't query addresses.  But, if the client uses the same DNS server as the Wan2 connection uses then it works.

    Additionally, if the Wan1 gateway is down, then if pfsense is restarted, the NTP clock routine takes 3 or 4 minutes to time out as does the DNS forwarding startup.  Finally, once pfsense is up and running, then it can't obtain update status nor package information.  I must have something configured wrong, but setting up the failover gateways seems pretty straightforward.



  • I forgot to add, that I also have static routes set up to each of the DNS servers.



  • you need to add a floating rule to sort this

    pass / don't select interface / protocol tcp-udp / source=any / destination=any / destination portrange=53 (dns) / gateway=loadbalance_group

    this will sort out the dns forwarder issues and will also sort out the update status issue, most likely it will fix the ntp issues as well



  • Thanks - that fixed the DNS issue, but not the package/ntp issue.  However, I suspect that if I dig into the floating rules a bit more I can solve the rest of the issues.  I had been meaning to figure out what the purpose of those rules were, so I'm happy to get pushed in that direction.  Thanks again.



  • Do the same thing with port 123 for NTP. Should solve that issue. =)
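The floating-rule fix from the two replies above (port 53 for DNS, port 123 for NTP, gateway set to the failover group), modelled as an added Python simulation rather than anything from pfSense itself; the topology, the RFC 5737 addresses and the simplified routing-decision order are assumptions:

```python
from dataclasses import dataclass

# Constructed topology mirroring the thread: two WANs in one failover group.
GATEWAY_GROUPS = {"loadbalance_group": ["WAN1_GW", "WAN2_GW"]}  # listed in failover order
GATEWAY_IFACE = {"WAN1_GW": "wan1", "WAN2_GW": "wan2"}
DNS1, DNS2 = "203.0.113.53", "198.51.100.53"  # constructed upstream resolvers (RFC 5737)
STATIC_ROUTES = {DNS1: "WAN1_GW", DNS2: "WAN2_GW"}  # the per-WAN static routes from the question
DEFAULT_GW = "WAN1_GW"

@dataclass
class FloatingRule:
    protocols: tuple  # e.g. ("tcp", "udp")
    dst_port: int
    gateway: str      # a gateway name or a gateway-group name

def first_up(name, up):
    """Expand a gateway group to its first member that is up; a bare gateway maps to itself."""
    for gw in GATEWAY_GROUPS.get(name, [name]):
        if up[gw]:
            return gw
    return None

def egress(dst_ip, proto, dport, rules, up):
    """Interface a firewall-originated packet leaves on, or None if it is handed to a dead link.

    Simplified model (assumption): a matching floating rule with a gateway policy-routes the
    packet; otherwise the routing table is consulted, and a static route or the default route
    keeps pointing at its gateway whether or not that gateway is currently up.
    """
    for r in rules:
        if proto in r.protocols and dport == r.dst_port:
            gw = first_up(r.gateway, up)
            return GATEWAY_IFACE[gw] if gw else None
    gw = STATIC_ROUTES.get(dst_ip, DEFAULT_GW)
    return GATEWAY_IFACE[gw] if up[gw] else None

def compare(wan1_up):
    """Egress for the forwarder's DNS query and the NTP sync, without and with the floating rules."""
    up = {"WAN1_GW": wan1_up, "WAN2_GW": True}
    fixed = [FloatingRule(("tcp", "udp"), 53, "loadbalance_group"),  # the DNS rule from the thread
             FloatingRule(("udp",), 123, "loadbalance_group")]       # the NTP rule from the thread
    ntp_server = "192.0.2.123"  # constructed
    return {"dns_before": egress(DNS1, "udp", 53, [], up),
            "dns_after": egress(DNS1, "udp", 53, fixed, up),
            "ntp_before": egress(ntp_server, "udp", 123, [], up),
            "ntp_after": egress(ntp_server, "udp", 123, fixed, up)}

if __name__ == "__main__":
    for state in (True, False):
        print("WAN1 up" if state else "WAN1 down", compare(state))
```

With WAN1 down, the static route and default route still send the forwarder's and NTP's packets out the dead link, while the group-gateway floating rules move both to wan2.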



  • The floating rules fix the DNS and UDP problem after bootup, but do nothing for the start times (adding 5 minutes to the boot up time).  Of course, rebooting pfsense should be a rare thing...  I haven't been able to solve the package lookup or version lookup yet, but I suspect that is just another floating rule.

