Quick question about DNS setup for 2 failover WANs

  • Hi All,

    I am setting up a failover setup for my WAN connections.

    Everything is going smoothly, but I have to assign two different DNS servers to each of the WAN GWs, and this is where I am not sure what to do:

    Currently in System -> General Setup I have two DNS servers specified, which are my two internal DNS servers. Can I assign each of them to one of my two WAN GWs, or should I add ISP DNS servers for each corresponding gateway? If I do so, how (if at all) will it affect my configuration (by having two internal DNS servers listed with no GW assigned and two ISP ones with GWs assigned)?

    On my main LAN, DHCP is provided by a dedicated DHCP server. On one of my VLANs, pfSense is providing the DHCP service.

    Any clarification on what the best approach is in my situation would be much appreciated.

    Thank you.

  • Depends on what the DNS is used for.

    If you are running an internal DNS server that is doing lookups to the root (or subordinate) servers, you can use that for your clients and for pfSense. When you fail over, the DNS queries to the root will just route differently. Very little overhead and maintenance from a management perspective.

    You could use Google's or any other public DNS provider as tertiary or quaternary servers in the DNS list (System->General). That way, if your internal DNS has an issue, pfSense and clients can use the tertiary and quaternary DNS servers.

    I don't have my pfSense installation in front of me right now, but there is another DNS setting in pfSense for DNS proxying or something like that. Make sure you take a look at that too. I think it might be relevant to your setup.

  • Hi Tim,

    Thank you for taking time to address my questions.

    Probably I should start by stating that I am asking these questions because I could not find a good explanation of the mechanics and reasons for setting those DNS records for gateways, hence I could not figure out whether I can set my internal DNS servers or not.

    To answer your questions: my two internal DNS servers are replicating to each other and are providing DNS services to all workstations on the LAN. They look up, in the first instance, to forwarders set to and and then, if those are not available, to the root DNS servers.

    So if I understood correctly, following your advice I can assign one of my internal DNS servers to each of the WAN gateways.

    But, correct me if I am wrong, it does not matter that both internal DNS servers look up to the same forwarders, which are Google DNS servers?

  • OK, it seems that I got it working by just adding public DNS entries in the General Setup tab and assigning them to two of the gateways.

  • @sebna:

    But, correct me if I am wrong, it does not matter that both internal DNS servers look up to the same forwarders, which are Google DNS servers?

    You are correct.

    If your servers are configured properly and they can reach the root servers, then, due to the distributed nature of DNS, it should work.
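The layout the thread ends up with (internal resolvers with no gateway, a public resolver bound to each WAN gateway) can be sanity-checked with a small model. This is an added example, not code from the thread or from pfSense; it assumes, as pfSense documents, that a DNS server with a gateway assigned is reached only through that gateway (pfSense adds a static route for it), and the LAN addresses and gateway names are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DnsEntry:
    """One row of the DNS server list in System > General Setup."""
    address: str
    gateway: Optional[str] = None  # gateway name, or None for "default"

# Constructed sample reflecting the thread's final layout: two internal
# resolvers with no gateway, one public resolver bound to each WAN gateway.
# The LAN addresses and gateway names are assumptions, not from the thread.
WAN_GATEWAYS = ["WAN1_GW", "WAN2_GW"]
EXAMPLE_ENTRIES = [
    DnsEntry("192.168.1.10"),
    DnsEntry("192.168.1.11"),
    DnsEntry("8.8.8.8", "WAN1_GW"),
    DnsEntry("8.8.4.4", "WAN2_GW"),
]

def usable_resolvers(entries, gateway_up):
    """Resolvers still reachable given {gateway name: True if up}.
    Unbound entries follow the normal routing table, so they stay usable;
    a bound entry is reached only through its assigned gateway (assumed
    pfSense behaviour: a static route per bound DNS server)."""
    return [e.address for e in entries
            if e.gateway is None or gateway_up.get(e.gateway, False)]

def config_warnings(entries, wan_gateways):
    """Flag the two pitfalls the thread asks about."""
    warnings = []
    for e in entries:
        # A LAN resolver bound to a WAN gateway would be routed out the WAN
        # instead of the LAN, so pfSense could no longer reach it.
        if e.gateway and ipaddress.ip_address(e.address).is_private:
            warnings.append(f"{e.address} is a private address bound to {e.gateway}")
    for gw in wan_gateways:
        # The thread's fix was to bind a public resolver to each gateway;
        # flag any WAN gateway that has none.
        if not any(e.gateway == gw for e in entries):
            warnings.append(f"no DNS server bound to {gw}")
    return warnings

if __name__ == "__main__":
    print("warnings: ", config_warnings(EXAMPLE_ENTRIES, WAN_GATEWAYS))
    print("all up:   ", usable_resolvers(EXAMPLE_ENTRIES, {"WAN1_GW": True, "WAN2_GW": True}))
    print("WAN1 down:", usable_resolvers(EXAMPLE_ENTRIES, {"WAN1_GW": False, "WAN2_GW": True}))
```

Run it to see that with WAN1 down the internal resolvers and the WAN2-bound public resolver remain usable, while binding an internal address to a WAN gateway is flagged.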