Hello all, I am trying to configure dnsmasq to provide DNS failover for a small (50-client) LAN. I have a leased line back to the head office, where my Active Directory DNS servers are located, and a DSL internet connection. Both of these are plugged into a Linux-based router, which is plugged into the LAN switch. The router directs internet traffic to the DSL line and inter-office traffic to the leased line.

What I want to do is set up dnsmasq on the router to use the AD DNS servers whenever they are available and fall back to the DSL provider's DNS servers if the AD DNS servers become unreachable due to a failure of the leased line. It's important to use the AD servers when possible because we are using the same domain name for our AD domain and our internet-facing services (on separate DNS servers), and some hosts exist in both zones (with different IP addresses). If I can set it up the way I described, it will allow certain services of ours to fail over automatically to use the Internet connection to provide users a backup service if the leased line fails.

My router is running Debian Squeeze with resolvconf 1.46 and dnsmasq 2.55. The default config simply adds all the available DNS servers to dnsmasq's resolv.conf, which works fine for resolving Internet hosts but sometimes fails to resolve AD hosts (due to the round-robin load balancing which dnsmasq does by default) and caches those failures. A simple workaround is to set the 'strict-order' option in dnsmasq.conf. However, this effectively disables load balancing altogether and I believe it will lead to poor performance if the first few servers are unavailable, so I'd prefer not to do it if there's a better way.

Another option is to set 'server=/mydomain.com/1.2.3.4' and 'server=/mydomain.com/1.2.3.5' in dnsmasq.conf, where 1.2.3.4 and 1.2.3.5 are my AD DNS servers. If I do this, dnsmasq will not fall back to the DSL provider's servers to resolve mydomain.com hosts if the AD servers become unavailable, so this isn't really an option.

Is there another way I can configure this that will produce the desired effect? Is dnsmasq the wrong choice for this sort of situation? Any suggestions are welcome.

Thank you,
Philip Bock
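The post describes two static dnsmasq configurations (all servers in resolv.conf, or domain-scoped `server=/mydomain.com/...` lines) and explains why neither fails over the way the leased-line setup needs. The script below is an added illustration, not code from the post or from the dnsmasq project: it probes the AD servers named in the post with a raw SOA query for the AD zone and regenerates the domain-scoped `server=` lines from whichever AD servers actually answer, so that when none answer the domain-scoped lines disappear and `mydomain.com` queries fall through to the provider's resolvers. The provider resolver addresses, the output path `/etc/dnsmasq.d/failover.conf`, and the restart command are assumptions chosen for the example; the AD domain and server addresses are the ones given in the post.

```python
#!/usr/bin/env python3
"""Health-check driven upstream selection for dnsmasq (added illustration).

Values from the post: the AD domain and the two AD DNS servers.
Everything else (ISP resolver addresses, output file, restart command) is assumed.
"""
import random
import socket
import struct
import subprocess

DOMAIN = "mydomain.com"
AD_SERVERS = ["1.2.3.4", "1.2.3.5"]
ISP_SERVERS = ["198.51.100.53", "198.51.100.54"]      # constructed placeholders
CONF_PATH = "/etc/dnsmasq.d/failover.conf"             # assumed conf-dir fragment
RESTART_CMD = ["invoke-rc.d", "dnsmasq", "restart"]    # assumed Debian restart


def build_query(name, qtype=6, txid=None):
    """Build a minimal DNS query (default type 6 = SOA); returns (txid, wire bytes)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    # Header: ID, flags with RD set, QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return txid, header + qname + struct.pack(">HH", qtype, 1)   # QCLASS IN


def response_has_answer(txid, data):
    """True if `data` is a reply to `txid` with QR set, RCODE 0 and ANCOUNT > 0.

    A reply with NXDOMAIN or an empty answer section is treated as "down":
    that is exactly the kind of answer the post says dnsmasq would cache.
    """
    if len(data) < 12:
        return False
    rid, flags, _qdcount, ancount = struct.unpack(">HHHH", data[:8])
    if rid != txid or not (flags & 0x8000):
        return False
    return (flags & 0x000F) == 0 and ancount > 0


def probe(server, domain=DOMAIN, timeout=2.0):
    """Send one SOA query for the AD zone over UDP; True only on a usable answer."""
    txid, wire = build_query(domain)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(wire, (server, 53))
            data, _peer = sock.recvfrom(512)
        except (socket.timeout, OSError):
            return False
    return response_has_answer(txid, data)


def render_upstreams(domain, ad_servers, isp_servers, reachable):
    """Emit dnsmasq 'server=' lines for the current state of the leased line.

    Reachable AD servers get the domain-scoped form from the post; the ISP
    resolvers are always listed for everything else.  With no AD server
    reachable the domain-scoped lines are omitted, so queries for the AD
    domain go to the ISP resolvers instead of failing.
    """
    lines = ["# generated by the failover probe (assumed helper); do not edit"]
    live = [s for s in ad_servers if s in reachable]
    for s in live:
        lines.append("server=/%s/%s" % (domain, s))
    if not live:
        lines.append("# leased line down: %s is being resolved via the ISP" % domain)
    for s in isp_servers:
        lines.append("server=%s" % s)
    return "\n".join(lines) + "\n"


def apply_if_changed(text, path=CONF_PATH):
    """Rewrite the fragment and restart dnsmasq only when the content changes."""
    try:
        with open(path) as fh:
            if fh.read() == text:
                return False
    except OSError:
        pass
    with open(path, "w") as fh:
        fh.write(text)
    # dnsmasq 2.55 does not re-read its config on SIGHUP, so restart; the
    # restart also drops any negative answers cached while the line was down.
    subprocess.call(RESTART_CMD)
    return True


if __name__ == "__main__":
    up = {s for s in AD_SERVERS if probe(s)}
    apply_if_changed(render_upstreams(DOMAIN, AD_SERVERS, ISP_SERVERS, up))
```

Run it from cron every minute or so on the router. It assumes dnsmasq is reading upstream servers from this conf-dir fragment rather than from the resolvconf-generated resolv.conf (otherwise the resolvconf list still applies alongside these lines), and it deliberately probes with the zone's SOA rather than a host record so that a lone NXDOMAIN for one host does not mark a server down.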