[Dnsmasq-discuss] Failover from preferred to less-preferred DNS servers with dnsmasq

Ed W lists at wildgooses.com
Wed Aug 10 17:28:00 BST 2011


> I'm not sure how this achieves the objective - the AD DNS servers will
> now be available when the leased line is not, so my clients will
> continue to try to use the private IPs for my services when I want them
> to use the Internet-facing ones.

Sorry, my misunderstanding - I didn't realise this was what you were
trying to achieve

>> 2) Use OpenVPN or your favourite VPN software to tunnel into the head
>> office over the internet.
> This works but adds complexity and overhead to the network, potentially
> reducing performance and reliability. A DNS-based solution would be much
> simpler.

Understood, but also note that if you haven't tried OpenVPN then do give
it a go!  It's performance is superb and you are likely to be able to
achieve 100mbit+ performance fairly easily (reports suggest it maxes out
at some few hundred mbit mainly due to the kernel performance of tun/tap
devices, rather than openvpn limiting you).

Obviously if you are in Windows world mainly then other VPN options may
be preferable, but I personally find that whilst the setup looks
daunting on most of them, until you actually try...  After that the
setup looks fairly straightforward and quite a few implementations can
use certificates, private keys, LDAP, etc, for authentication

Using a VPN solves a bunch of problems that you haven't yet worried
about such as eavesdropping, forced routing and the like?

Simple is often best though!

Good luck!

Ed W

More information about the Dnsmasq-discuss mailing list