[Dnsmasq-discuss] Failover from preferred to less-preferred DNS servers with dnsmasq
phil at flamewars.org
Tue Aug 2 17:04:56 BST 2011
I am trying to configure dnsmasq to provide DNS failover for a small (50
client) LAN. I have a leased line back to the head office, where my
Active Directory DNS servers are located, and a DSL internet connection.
Both of these are plugged into a linux-based router, which is plugged
into the LAN switch. The router directs internet traffic to the DSL line
and inter-office traffic to the leased line.
What I want to do is set up dnsmasq on the router to use the AD DNS
servers whenever they are available and fall back to the DSL providers
DNS servers if the AD DNS servers become unreachable due to a failure of
the leased line. Its important to use the AD servers when possible
because we are using the same domain name for our AD domain and our
internet-facing services (on separate DNS servers), and some hosts exist
in both zones (with different IP addresses). If I can set it up the way
I described, it will allow certain services of ours to fail over
automatically to use the Internet connection to provide users a backup
service if the leased line fails.
My router is running Debian Squeeze with resolvconf 1.46 and dnsmasq
2.55. The default config simply adds all the available DNS servers to
dnsmasqs resolv.conf, which works fine for resolving Internet hosts but
sometimes fails to resolve AD hosts (due to round-robin load balancing
which dnsmasq does by default) and caches those failures.
A simple workaround is to set the 'strict-order' option in
dnsmasq.conf. However, this effectively disables load-balancing
altogether and I believe it will lead to poor performance if the first
few servers are unavailable, so Id prefer not to do it if theres a
better way. Another option is to set 'server=/mydomain.com/126.96.36.199'
and 'server=/mydomain.com/188.8.131.52' in dnsmasq.conf where 184.108.40.206 and
220.127.116.11 are my AD DNS servers. If I do this, dnsmasq will not fall back
to the DSL providers servers to resolve mydomain.com hosts if the AD
servers become unavailable, so this isnt really an option.
Is there another way I can configure this that will produce the desired
effect? Is dnsmasq the wrong choice for this sort of situation?
Any suggestions are welcome.
More information about the Dnsmasq-discuss