I have a situation where I have a dual-homed VOIP server that uses two internet connections. The solution works fine except for one problem: when the primary internet connection goes down, so does DNS resolution. This prevents my VOIP server from connecting to my VOIP provider on the backup internet connection because it can't resolve the DNS names for the servers. I can't use the IPs because the provider likes to move their servers around.
So my "workaround" plan is to update the HOSTS entries every x minutes on a cron job; this way, unless the primary internet is down for an extended period of time and the servers' IP addresses change, I should be good.
However, I can't really think of a good way to do this, keeping in mind that if the DNS entries can't be resolved, I don't want to overwrite them with blanks or error information.
Any suggestions?
EDIT:
Perhaps I wasn't quite clear. The reason I need to do this is because my VOIP provider likes to move their servers around. If I'm using a caching name server, and they move the servers, then I'll be hitting stale DNS data, and if I set the DNS cache time low enough then it defeats the purpose, because when the primary internet goes down, the cache will expire before it comes back up and I'm in the same boat.
What I need is a way to get the best of both worlds, which is the ability to react to DNS changes quickly, but not lose the ability to resolve if the connection goes down, thus the only solution I can think of is the updated hosts file.
Also, using OpenDNS doesn't solve anything because DNS lookups don't occur on the secondary net connection, they always go out on the primary one. This is the problem. Even though I've bound the app to two interfaces which use different net connections, it only does DNS lookup on the primary connection.
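One way to implement the cron-job workaround described in the question, written as an added example (not code from the question or any answer): it keeps a marked block in the hosts file, re-resolves the provider names on every run, and keeps the previous entry for any name that fails to resolve or returns garbage, so the file is never overwritten with blanks. The hostnames are placeholders, the marker comments are my own convention, and the `resolver` parameter exists only so the failure path can be exercised without a live network.

```python
import os, re, socket, tempfile

VOIP_HOSTS = ["sip.provider.invalid", "rtp.provider.invalid"]  # placeholders: use your provider's names
BEGIN, END = "# BEGIN voip-dns-cache", "# END voip-dns-cache"
IPV4_RE = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")

def resolve_ipv4(name, resolver=socket.gethostbyname):
    # Return a syntactically valid IPv4 string, or None on any failure (NXDOMAIN, SERVFAIL, timeout)
    try:
        ip = resolver(name)
    except OSError:
        return None
    return ip if isinstance(ip, str) and IPV4_RE.match(ip) else None

def current_block(text):
    # Parse only the lines between the markers into {hostname: ip}; every other line is left alone
    entries, inside = {}, False
    for line in text.splitlines():
        if line in (BEGIN, END):
            inside = line == BEGIN
        elif inside and len(line.split()) >= 2:
            entries[line.split()[1]] = line.split()[0]
    return entries

def render(text, entries):
    # Keep everything outside the managed block and regenerate the block at the end of the file
    lines = text.splitlines()
    if BEGIN in lines and END in lines:
        del lines[lines.index(BEGIN):lines.index(END) + 1]
    lines += [BEGIN] + [f"{ip}\t{name}" for name, ip in sorted(entries.items())] + [END]
    return "\n".join(lines) + "\n"

def refresh_hosts(path, names, resolver=socket.gethostbyname):
    # Re-resolve each name; a lookup that fails keeps the previous (still plausible) entry
    with open(path) as f:
        text = f.read()
    entries = current_block(text)
    for name in names:
        ip = resolve_ipv4(name, resolver)
        if ip is not None:
            entries[name] = ip
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # temp file + rename: never a half-written hosts file
    with os.fdopen(fd, "w") as f:
        f.write(render(text, entries))
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)
    return entries

if __name__ == "__main__":
    refresh_hosts("/etc/hosts", VOIP_HOSTS)  # run this from cron every few minutes
```

Because the rename is atomic, a resolver reading /etc/hosts mid-update sees either the old or the new file, never a partial one.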
I don't have any experience with using two internet connections at the same time, but could it work if you put the DNS servers of the two providers in your resolv.conf? (It can be done with "supersede domain-name" in your dhclient.conf.)
From brunoqc
Why don't you install a local caching DNS server (e.g. BIND)? Configuring it is very simple.
This way you only ever ask your local DNS server, and it asks (and caches) from your ISP's nameserver. You simply need to add the forwarders directive to named.conf:

    ...
    forwarders {
        xxx.xxx.xxx.xxx;   // 1st DNS server
        xxx.xxx.xxx.xxx;   // 2nd DNS server
    };

(You can add as many as you like.)
MikeyB: +1: I was going to say that.... :)
Mystere Man: Because that doesn't solve the problem, in fact it makes it worse. A caching nameserver defeats the purpose of using DNS in the first place, since in order to make it useful for my purposes you have to set the cache time so high that the DNS gets stale when my VOIP provider changes IPs.
Rich: It would only cache based on the TTL of the DNS record. If the VOIP provider changes their server IP, presumably their TTL is low - so this is actually a good answer.
Mystere Man: Yes, but you're still not comprehending the problem. Let's say my VOIP provider has a TTL of 30 minutes on their DNS record; that means that after 30 minutes the cache expires. If my net connection is down for 5 hours (which is common), then it will not have a cached DNS for 4.5 hours. So the other option is to override the TTL, but that means my DNS won't know about any new DNS changes until my overridden TTL expires, which means stale DNS and not able to connect. Either way, I've got a problem.
From Xerxes
DNS itself is a distributed database trying to keep a hosts file updated. It does this via recursive lookups, and caches the results locally, with an expiration. BIND does this for you.
From jldugger
Why don't you just use a third-party DNS server instead? OpenDNS is fast, reliable and free.
They will be completely independent of which internet connection you are running through; you really shouldn't need to stuff around with hosts files and cron jobs.
EDIT: Based on your edit...
So you haven't defined the second connection as an alternative gateway?
You can give the second connection a higher 'metric' value which effectively means it becomes the default gateway if the primary connection goes down.
Here's the route man page and a good howto
Once you've done that, you should be able to use a good non ISP DNS provider (Like OpenDNS), and have two fully redundant Internet connections.
/ Richy
Mystere Man: As I said in my post, DNS resolution only occurs on the primary internet connection, so using OpenDNS doesn't solve the problem because DNS resolution won't occur on the second connection.
Rich: That doesn't make any sense. Either it's an Internet connection or it isn't. DNS is just a service like HTTP, SIP or anything else. Oh - I see you've edited your question. I think you need to figure out why DNS requests don't go via your backup Internet connection, that is your fundamental underlying problem. It sounds like your router isn't configured correctly. I see you've downvoted everybody, that's not very sporting when everybody is trying to help you. I think here you just need to understand your problem a bit better. Based on your original question most of these answers are helpful.
Mystere Man: None of the questions are helpful because they don't address the problem I asked for, and they don't work in this configuration. The OS only sends DNS requests via the default interface and gateway. It has nothing to do with a router, since both internet connections are connected directly to the internet. The application makes its DNS requests via the default gateway, which is my primary internet connection. This is the way it's supposed to work, and the way it does. Just because I bind my app to a second interface doesn't mean it's going to use that interface for DNS requests.
Mystere Man: Let me give you an example. Let's say you have two internet connections, one DSL and one Cable. You hook them both directly to your Linux server with 2 NICs. You configure DNS, etc., then ping www.google.com. Works fine. Then ping -I eth1 www.google.com, also works fine. Now, disconnect your eth0, and try ping -I www.yahoo.com; it will fail because it can't resolve DNS. Does that give you a concrete example of the problem?
Mystere Man: er.. ping -I eth1 www.yahoo.com
Rich: Yep. You haven't defined the second Internet connection as a gateway. You can give the second connection a higher 'metric' value which means it only gets used if the primary connection goes down. Here's the man page and howto: http://linux.die.net/man/8/route http://lartc.org/howto/lartc.rpdb.multiple-links.html
Mystere Man: *sigh*. No. I already have split-access set up. That doesn't help. And the load-balancing solution doesn't work if the problem is 2 or 3 hops out, it only works if the actual network link goes down. So the solution to that problem is to use a heartbeat script that alters the default gateway when you can't ping a host, which isn't reliable. I've been down this road too many times already. The simple solutions work best, and I'm trying to keep it simple.
Mystere Man: To be more clear. Split access only allows the OS to respond to packets on the interface they come in on, rather than via the default gateway (as is the default). It doesn't cause DNS queries to go out the interface being used. The load balancing option and gateway metrics don't detect route failures further up the chain, and it's really designed for a router anyways, not when the packets originate on the computer. Thus you need a heartbeat script to detect if you can reach your destination, and change the default gateway, but this causes kernel problems if it's too frequent.
From Rich
You could also use OpenDNS's nameservers, which should work for both ISPs:
208.67.222.222 208.67.220.220
From brunoqc