Hi

> I am trying to configure dnsmasq to provide DNS failover for a small (50
> client) LAN. I have a leased line back to the head office, where my
> Active Directory DNS servers are located, and a DSL internet connection.
> Both of these are plugged into a Linux-based router, which is plugged
> into the LAN switch. The router directs internet traffic to the DSL line
> and inter-office traffic to the leased line.
It seems you could take this entirely out of the domain of dnsmasq and make it a TCP problem? Two quick ideas:

1) Give the head office DNS servers some effectively internet-visible IP address and then set that address as your DNS server - normal routing should then ensure that traffic traverses the leased line when it can and the internet router otherwise - in both cases you should get the DNS responses you need for all services to work? Presumably your DSL router is a fixed IP, so just firewall the public DNS IPs to limit access.

2) Use OpenVPN or your favourite VPN software to tunnel into the head office over the internet. Now arrange for normal failover to occur and traffic traverses either the leased line or the VPN as appropriate. For bonus marks you can set up OpenVPN over the leased line and then bond the two connections, giving either reliable connections or, with some tinkering, it's possible to somewhat increase speed by using both interfaces simultaneously.

Both of these rely on using the DSL route to still get to the head office DNS server.

If you wanted a crude hack to achieve forced DNS routing then note that you can use iptables to implement REDIRECT or DNAT on any packets. In this way you could use iptables to redirect the head office DNS server to some public DNS server...

Personally I think this is overkill. Use whatever monitoring script you use to failover and have that tweak your resolv.conf. There are various ways this can happen almost automatically, i.e. I believe NetworkManager or connman implement all kinds of resolvconf magic for you. I use openresolv from Roy Marples, which does much the same thing, but with less magic:

http://roy.marples.name/projects/openresolv/wiki/OpenResolvConfig

This way you simply bring up/down interfaces and the resolv.conf is tweaked automatically for you. If you want even more control then look at dhcpcd from Roy. Despite the name, this provides hooks to control and set up static interfaces and works with openresolv to handle all kinds of failover magic.

My favourite is probably 1) above. Simple and easy to set up, but depends on your requirements.

Good luck

Ed W
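To make the last two suggestions in the reply concrete (the monitoring script that rewrites resolv.conf, and the "crude hack" of DNATing DNS traffic for the head office servers to a public resolver while the leased line is down), here is an added example of a failover hook for the Linux router. It is not Ed W's or the original poster's code, and the addresses, interface name, domain name and the use of dig for the probe are assumptions, not values from the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Failover hook for the Linux router:
# rewrite the resolv.conf dnsmasq forwards to and, while the leased line is
# down, DNAT LAN clients' DNS traffic for the head-office servers to a public
# resolver. Every address, the interface and the domain below are assumed.
HO_DNS1="10.10.0.10"                 # head-office AD DNS, via the leased line
HO_DNS2="10.10.0.11"
PUBLIC_DNS="9.9.9.9"                 # resolver reachable over the DSL line
DOMAIN="corp.example"
LAN_IF="eth0"                        # router interface facing the LAN switch
RESOLV="${RESOLV:-/etc/resolv.conf}"
IPTABLES="${IPTABLES:-iptables}"     # set IPTABLES=echo for a dry run

# Probe the head-office DNS with a real query (dig, from bind-utils) rather
# than ICMP, so a line that passes pings but drops UDP/53 still counts as down.
ho_dns_up() {
    dig +time=2 +tries=1 "@$HO_DNS1" "$DOMAIN" SOA >/dev/null 2>&1
}

# Print the resolv.conf for a link state: "up" keeps the AD servers (dnsmasq
# forwards to them), "down" falls back to the public resolver.
render_resolvconf() {
    case "$1" in
        up)   printf 'search %s\nnameserver %s\nnameserver %s\n' \
                  "$DOMAIN" "$HO_DNS1" "$HO_DNS2" ;;
        down) printf 'search %s\nnameserver %s\n' "$DOMAIN" "$PUBLIC_DNS" ;;
        *)    echo "render_resolvconf: unknown state '$1'" >&2; return 1 ;;
    esac
}

# Insert ("add") or delete ("del") the nat-table DNAT rules: one rule per
# head-office server and transport (TCP is needed for large answers and AXFR).
dnat_rules() {
    case "$1" in
        add) flag="-I" ;;
        del) flag="-D" ;;
        *)   echo "dnat_rules: unknown action '$1'" >&2; return 1 ;;
    esac
    for srv in "$HO_DNS1" "$HO_DNS2"; do
        for proto in udp tcp; do
            "$IPTABLES" -t nat "$flag" PREROUTING -i "$LAN_IF" -p "$proto" \
                -d "$srv" --dport 53 -j DNAT --to-destination "$PUBLIC_DNS:53"
        done
    done
}

# Write resolv.conf for the state and bring the DNAT rules in line with it.
# "del" on rules that are not present fails harmlessly, so its errors are hidden.
apply_state() {
    render_resolvconf "$1" > "$RESOLV" || return 1
    if [ "$1" = down ]; then dnat_rules add; else dnat_rules del 2>/dev/null; fi
}

# Driver: "up", "down", or "auto" (probe and decide). Suitable for cron.
case "${1:-}" in
    up|down) apply_state "$1" ;;
    auto)    if ho_dns_up; then apply_state up; else apply_state down; fi ;;
esac
```

Two caveats a practitioner would want: if the router already runs openresolv, hand the generated file to `resolvconf -a <interface>` on stdin instead of overwriting /etc/resolv.conf, or the two will fight over the file; and while the DNAT rules are in place only internet names resolve, since the public resolver knows nothing about the Active Directory zone, so this only buys "the internet still works" during an outage, not access to head office services.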