Incoming WAN Failover Question (Functionality)
-
Hello all,
I've searched Google, the pfsense.org website, and a little bit in this forum for this answer but couldn't come up with something definitive. Forgive me if it's been answered elsewhere.
We currently have a device that does incoming WAN failover and load balancing for our hosted servers on two different T1s from different providers. What the device actually does is become the authoritative DNS responder for the hostnames we want to load balance.
So for example, if we're hosting www.xyz.com, we have a registrar for that domain, then we host the DNS for the domain at dyndns.org. However, instead of just assigning IN A records for www.xyz.com, we do an IN NS record to an IP on each T1 that goes to the sharing device, which in turn responds with the actual IP for the client to use based on what links are up and which are being utilized.
My question is: does pfSense do something like this? In my research, I have found that a typical round-robin DNS setup won't work since it will respond with addresses to possibly dead links.
For the purposes of network simplification, we would like to have the firewall take over this functionality. However, surprisingly (imo), we can't seem to find any commercial firewall vendors that do it. Only devices that exist outside the firewall, such as F5, FatPipe, or EdgePRO, seem to be available.
I hope I explained this clearly enough. I appreciate any responses. Thanks.
-
There is a DNS server package available that will automatically switch to a failover IP when the primary IP is unavailable. Check out the DNS Server testing area of the forum.
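The difference between plain round-robin DNS and the health-aware answers discussed in this thread, as an added example that is not part of the thread and not code from pfSense or its DNS package. The `Link` fields, the 30-second TTL, the link labels and the documentation-range addresses are all assumptions made for illustration.

```python
"""Health-aware answers for a delegated hostname (constructed example)."""
from dataclasses import dataclass

TTL_SECONDS = 30  # assumed short TTL so resolvers re-ask soon after a link fails


@dataclass
class Link:
    name: str           # hypothetical label for one T1
    address: str        # public IP the hosted server answers on via this link
    up: bool            # result of the latest health probe
    utilization: float  # 0.0-1.0, share of link capacity currently in use


def round_robin(links, counter):
    """Plain round robin: rotates through every address, dead or not."""
    shift = counter % len(links)
    return [l.address for l in links[shift:] + links[:shift]]


def health_aware(links):
    """Return (address, ttl) pairs for links that are up, least utilized first.

    If every probe failed, return all addresses instead of an empty answer:
    the probe itself may be wrong, and an empty answer guarantees an outage.
    """
    live = [l for l in links if l.up]
    chosen = sorted(live or links, key=lambda l: l.utilization)
    return [(l.address, TTL_SECONDS) for l in chosen]


# Constructed sample state: documentation-range addresses, link "t1-a" is down.
LINKS = [
    Link("t1-a", "192.0.2.10", up=False, utilization=0.0),
    Link("t1-b", "198.51.100.10", up=True, utilization=0.4),
]

if __name__ == "__main__":
    print("round robin :", round_robin(LINKS, 0))   # still hands out the dead link
    print("health aware:", health_aware(LINKS))     # only the live link
```

The short TTL matters as much as the health check: resolvers that cached an answer before the failure keep sending clients to the dead link until that TTL expires.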