[Dnsmasq-discuss] Failover from preferred to less-preferred DNS servers with dnsmasq

Ed W lists at wildgooses.com
Mon Aug 8 15:04:31 BST 2011


> I am trying to configure dnsmasq to provide DNS failover for a small (50
> client) LAN. I have a leased line back to the head office, where my
> Active Directory DNS servers are located, and a DSL internet connection.
> Both of these are plugged into a linux-based router, which is plugged
> into the LAN switch. The router directs internet traffic to the DSL line
> and inter-office traffic to the leased line.

It seems you could take this entirely out of the domain of dnsmasq and
make it a TCP problem?

Two quick ideas:

1) Give the head office DNS servers some effectively internet visible IP
address and then set that address as your dns server - normal routing
should then ensure that traffic traverses the leased line when it can
and the internet router otherwise - in both cases you should get the DNS
responses you need for all services to work? Presumably your dsl router
is a fixed IP, so just firewall the public DNS IPs to limit access.

2) Use OpenVPN or your favourite VPN software to tunnel into the head
office over the internet. Now arrange for normal failover to occur and
traffic traverses either leased line or vpn as appropriate. For bonus
marks you can set up openvpn over the leased line and then bond the two
connections giving either reliable connections, or with some tinkering
it's possible to somewhat increase speed by using both interfaces.

Both of these rely on using the dsl route to still get to the head
office DNS server

If you wanted a crude hack to achieve forced DNS routing then note that
you can use iptables to implement redirect or DNAT on any packets.  In
this way you could use iptables to redirect the head office dns server to
some public DNS server...

Personally I think this is overkill. Use whatever monitoring script you
use to failover and have that tweak your resolv.conf. There are various
ways this can happen almost automatically, i.e. I believe NetworkManager
or connman implement all kinds of resolvconf magic for you; I use
openresolv from Roy Marples which does much the same thing, but less magic.

This way you simply bring up/down interfaces and the resolvconf is
tweaked automatically for you. If you want even more control then look
at dhcpcd from Roy. Despite the name, this provides hooks to control and
setup static interfaces and works with openresolv to handle all kinds of
failover magic.

My favourite is probably 1) above. Simple and easy to set up, but depends
on your requirements.

Good luck

Ed W
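One way to do what the reply above suggests (a monitoring script that rewrites resolv.conf when the head-office DNS servers stop answering), as an added example that is not from this thread or from dnsmasq; the addresses, the probe name and the dig-based liveness check are assumptions:

```shell
#!/bin/sh
# Added example, not code from the thread: keep resolv.conf pointing at the
# head-office DNS servers while they answer, and fall back to resolvers
# reachable over the DSL path when they do not. Every address and name here
# is a placeholder (RFC 5737 ranges), not the poster's real infrastructure.

PREFERRED_DNS="${PREFERRED_DNS:-192.0.2.10 192.0.2.11}"  # head-office AD DNS (placeholder)
FALLBACK_DNS="${FALLBACK_DNS:-198.51.100.53}"           # resolver reached via DSL (placeholder)
PROBE_NAME="${PROBE_NAME:-corp.example.}"               # a zone the AD servers hold (placeholder)
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"

# dns_alive SERVER: succeed if SERVER answers a query for PROBE_NAME.
# One try with a 2s timeout so a dead leased line is detected fast.
dns_alive() {
    dig +time=2 +tries=1 +short "@$1" "$PROBE_NAME" A >/dev/null 2>&1
}

# choose_nameservers: print "nameserver X" lines. Preferred servers that
# answer keep their order; the fallback list is used only when none of
# them answers, so one flapping AD server does not push the whole site
# onto the DSL path.
choose_nameservers() {
    alive=""
    for s in $PREFERRED_DNS; do
        dns_alive "$s" && alive="$alive $s"
    done
    [ -n "$alive" ] || alive="$FALLBACK_DNS"
    for s in $alive; do printf 'nameserver %s\n' "$s"; done
}

# render_resolv_conf: full file body; short resolver timeouts make clients
# move on quickly if a listed server dies between two runs of this script.
render_resolv_conf() {
    printf '# managed by dns-failover hook; manual edits will be overwritten\n'
    printf 'options timeout:2 attempts:1\n'
    choose_nameservers
}

# update_resolv_conf: rewrite RESOLV_CONF atomically, but only when the
# content changed. Returns 1 when nothing changed, so a hook can log only
# real failovers.
update_resolv_conf() {
    new="$(render_resolv_conf)"
    [ -f "$RESOLV_CONF" ] && [ "$new" = "$(cat "$RESOLV_CONF")" ] && return 1
    printf '%s\n' "$new" >"$RESOLV_CONF.tmp" && mv "$RESOLV_CONF.tmp" "$RESOLV_CONF"
}

# Entry point for a link-monitor hook or cron job: sh dns-failover.sh --apply
if [ "${1:-}" = "--apply" ]; then
    update_resolv_conf || true
fi
```

Run it from whatever brings the leased line up or down (or every minute from cron); because it only writes when the chosen server list changes, repeated runs are harmless.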
