Netgate Discussion Forum

DNS Servers - use gateway - groups?

  • P
    phil.davis
    last edited by Jul 26, 2013, 9:19 AM

    As I understand it, and can see in the code:
    a) DNS Servers specified in System:General Setup get queried using the default gateway.
    b) If a gateway is selected in the "Use gateway" column, then a static route is added for that DNS Server to be routed through the specified gateway, forcing queries to it out the requested gateway.

    Typically, the popular public DNS servers provide 2 IP addresses (for redundancy…) e.g.
    OpenDNS:
      208.67.222.222
      208.67.220.220
    DynDNS:
      216.146.35.35
      216.146.36.36

    These providers have paid services that can filter DNS queries, returning a block page address for "naughty" names... To use these effectively, pfSense needs to query only the DNS servers of the selected provider. Thus only 2 DNS server IPs are available.

    On a system with WAN1 and WAN2, the typical solution is to assign DNS-IP1 to WAN1GW and DNS-IP2 to WAN2GW.
    When WAN1 is down, the system is then reliant on DNS-IP2 working on WAN2.
    When WAN2 is down, the system is then reliant on DNS-IP1 working on WAN1.

    If there are 3+ WANs, then you can't spread just 2 DNS IPs across 3+ WANs. So if WAN1 and WAN2 are down, and WAN3 is up, there is internet but no DNS.

    If DNS Servers could be assigned to gateway groups, then it would be flexible and redundant.
    e.g.
    DNSIP1 on DNSGWG1 - WAN1 tier1, WAN3 tier2, WAN2 tier3
    DNSIP2 on DNSGWG2 - WAN2 tier1, WAN3 tier2, WAN1 tier3
    Then if any WAN fails, the pfSense code can change the static route to the highest tier available WAN in the gateway group.

    Feature http://redmine.pfsense.org/issues/785 also mentions this kind of thing - comments imply that something might be possible in pf rules also.

    a) Have I missed something, and the needs above can already be met in some way by the existing system?
    b) Is DNS Server assignment to a gateway group a useful feature to add?
    c) If so, is it best done all in pfSense PHP code changing the static routes in response to gateway status changes, or by some method in pf?

    As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
    If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

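The failover behaviour proposed in the post above, as an added simulation. It is not part of the original post and not pfSense code. The WAN names, tiers and OpenDNS addresses come from the post; the function names are hypothetical, and tier 1 is assumed to be the preferred tier.

```python
# Added example: simulates the proposal, does not touch real routes.
# Current model: each DNS server pinned to one gateway ("Use gateway" column).
STATIC = {"208.67.222.222": "WAN1", "208.67.220.220": "WAN2"}

# Proposed model: each DNS server bound to a gateway group of (gateway, tier).
GROUPS = {
    "208.67.222.222": [("WAN1", 1), ("WAN3", 2), ("WAN2", 3)],  # DNSGWG1
    "208.67.220.220": [("WAN2", 1), ("WAN3", 2), ("WAN1", 3)],  # DNSGWG2
}

def static_routes(up):
    """Current behaviour: a DNS server is usable only while its one gateway is up."""
    return {dns: gw for dns, gw in STATIC.items() if gw in up}

def group_routes(up):
    """Proposed behaviour: route each DNS server via the best tier that is up."""
    routes = {}
    for dns, members in GROUPS.items():
        alive = [(tier, gw) for gw, tier in members if gw in up]
        if alive:
            routes[dns] = min(alive)[1]  # lowest tier number wins
    return routes

def route_changes(old, new):
    """Static routes to rewrite after a status change: (dns, old_gw, new_gw)."""
    return sorted(
        (dns, old.get(dns), new.get(dns))
        for dns in set(old) | set(new)
        if old.get(dns) != new.get(dns)
    )

if __name__ == "__main__":
    scenarios = [{"WAN1", "WAN2", "WAN3"}, {"WAN2", "WAN3"}, {"WAN3"}, set()]
    previous = group_routes(scenarios[0])
    for up in scenarios:
        current = group_routes(up)
        print(sorted(up), "static:", static_routes(up), "group:", current)
        print("  route rewrites:", route_changes(previous, current))
        previous = current
```

With only WAN3 up, the static model leaves no reachable DNS server while the group model keeps both provider addresses routed through WAN3, so queries still go only to the selected provider.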