[Dnsmasq-discuss] Failover from preferred to less-preferred DNS servers with dnsmasq

Philip Bock phil at flamewars.org
Tue Aug 2 17:04:56 BST 2011

Hello all,

I am trying to configure dnsmasq to provide DNS failover for a small (50
client) LAN. I have a leased line back to the head office, where my
Active Directory DNS servers are located, and a DSL internet connection.
Both of these are plugged into a linux-based router, which is plugged
into the LAN switch. The router directs internet traffic to the DSL line
and inter-office traffic to the leased line.

What I want to do is set up dnsmasq on the router to use the AD DNS
servers whenever they are available and fall back to the DSL provider’s
DNS servers if the AD DNS servers become unreachable due to a failure of
the leased line. It’s important to use the AD servers when possible
because we are using the same domain name for our AD domain and our
internet-facing services (on separate DNS servers), and some hosts exist
in both zones (with different IP addresses). If I can set it up the way
I described, it will allow certain services of ours to fail over
automatically to use the Internet connection to provide users a backup
service if the leased line fails.

My router is running Debian Squeeze with resolvconf 1.46 and dnsmasq
2.55. The default config simply adds all the available DNS servers to
dnsmasq’s resolv.conf, which works fine for resolving Internet hosts but
sometimes fails to resolve AD hosts (due to round-robin load balancing
which dnsmasq does by default) and caches those failures.

A simple workaround is to set the 'strict-order' option in
dnsmasq.conf. However, this effectively disables load-balancing
altogether and I believe it will lead to poor performance if the first
few servers are unavailable, so I’d prefer not to do it if there’s a
better way. Another option is to set 'server=/mydomain.com/' and
'server=/mydomain.com/' in dnsmasq.conf where and are my AD DNS
servers. If I do this, dnsmasq will not fall back to the DSL provider’s
servers to resolve mydomain.com hosts if the AD servers become
unavailable, so this isn’t really an option.

Is there another way I can configure this that will produce the desired
effect? Is dnsmasq the wrong choice for this sort of situation?

Any suggestions are welcome.

Thank you,
Philip Bock
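Added example (not code from the original post, nor part of dnsmasq) showing one way to get the behaviour asked for above while keeping 'strict-order': dnsmasq reads its upstream list from a dedicated resolv file, and a small watchdog rewrites that file so that only AD servers which actually answer stay at the front of the list, with the DSL provider's servers always behind them. Because dnsmasq polls its resolv file for changes, no restart is needed when the list changes. The addresses, the probed zone name and the file path are placeholder assumptions; the assumed dnsmasq.conf lines are 'strict-order', 'resolv-file=/var/run/dnsmasq/resolv.failover' and 'clear-on-reload' (so answers cached from the public zone are dropped once the AD servers come back).

```python
"""Watchdog that rewrites a dnsmasq resolv file with live upstreams first.

Added example, not dnsmasq's code. Assumed dnsmasq.conf settings:
    strict-order
    resolv-file=/var/run/dnsmasq/resolv.failover
    clear-on-reload
All addresses, the zone name and the path below are placeholders.
"""
import os
import socket
import struct
import tempfile

AD_SERVERS = ["10.1.0.10", "10.1.0.11"]          # placeholder: head-office AD DNS
ISP_SERVERS = ["203.0.113.53", "203.0.113.54"]   # placeholder: DSL provider DNS
PROBE_NAME = "mydomain.com"                      # placeholder: zone the AD servers serve
RESOLV_PATH = "/var/run/dnsmasq/resolv.failover"  # placeholder path


def build_query(name, txid, qtype=6):
    """Minimal DNS query: RD set, one question, SOA (type 6) by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def reply_ok(data, txid):
    """Accept a reply only if it is a full header, carries our transaction
    ID, has the QR bit set and RCODE 0. A stray or spoofed datagram with a
    different ID therefore cannot mark a dead server as alive."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000) and (flags & 0x000F) == 0


def dns_alive(server, name=PROBE_NAME, timeout=2.0):
    """Probe one upstream over UDP/53 with a random transaction ID."""
    txid = struct.unpack("!H", os.urandom(2))[0]
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(512)
        except (socket.timeout, OSError):
            return False
    return reply_ok(data, txid)


def select_servers(preferred, fallback, alive=dns_alive):
    """Live preferred servers first, then every fallback server.

    The fallback list is deliberately not probe-gated: if the DSL line is
    down as well, dnsmasq should still have upstreams to try rather than
    an empty list."""
    live = [s for s in preferred if alive(s)]
    return live + list(fallback)


def render_resolv(servers):
    """resolv.conf(5) text; dnsmasq only looks at the nameserver lines."""
    return "".join("nameserver %s\n" % s for s in servers)


def write_resolv(path, text):
    """Atomic replace so dnsmasq never polls a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path), prefix=".resolv.")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)


if __name__ == "__main__":
    new = render_resolv(select_servers(AD_SERVERS, ISP_SERVERS))
    try:
        old = open(RESOLV_PATH).read()
    except OSError:
        old = None
    if new != old:   # touch the file (and its mtime) only when the list changes
        write_resolv(RESOLV_PATH, new)
```

Run it from cron every minute or so. Between a leased-line failure and the next run, dnsmasq with strict-order still times out against the dead AD servers before reaching the provider's servers, so the probe interval bounds the failover delay. Once the AD servers are removed from the file, ordinary queries for mydomain.com go to the provider and return the public addresses, which is the intended failover; when the AD servers return they go back to the front of the list, and clear-on-reload stops dnsmasq serving the cached public answers until their TTLs expire.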
