[Dnsmasq-discuss] Failover from preferred to less-preferred DNS servers with dnsmasq
lists at wildgooses.com
Wed Aug 10 17:28:00 BST 2011
> I'm not sure how this achieves the objective - the AD DNS servers will
> now be available when the leased line is not, so my clients will
> continue to try to use the private IPs for my services when I want them
> to use the Internet-facing ones.
Sorry, my misunderstanding - I didn't realise this was what you were
trying to achieve
>> 2) Use OpenVPN or your favourite VPN software to tunnel into the head
>> office over the internet.
> This works but adds complexity and overhead to the network, potentially
> reducing performance and reliability. A DNS-based solution would be much
Understood, but also note that if you haven't tried OpenVPN then do give
it a go! It's performance is superb and you are likely to be able to
achieve 100mbit+ performance fairly easily (reports suggest it maxes out
at some few hundred mbit mainly due to the kernel performance of tun/tap
devices, rather than openvpn limiting you).
Obviously if you are in Windows world mainly then other VPN options may
be preferable, but I personally find that whilst the setup looks
daunting on most of them, until you actually try... After that the
setup looks fairly straightforward and quite a few implementations can
use certificates, private keys, LDAP, etc, for authentication
Using a VPN solves a bunch of problems that you haven't yet worried
about such as eavesdropping, forced routing and the like?
Simple is often best though!
More information about the Dnsmasq-discuss