Re: [Shorewall-users] Redirecting DNS requests

Wed, 22 Aug 2018 11:11:15 -0700 

Lovely - Thank you

On 19 August 2018 at 22:46, Justin Pryzby <pry...@telsasoft.com> wrote:

> On Sun, Aug 19, 2018 at 06:29:28PM +0200, David Ventura wrote:
> > I would like to redirect (LAN) DNS requests to a different LAN server
> > (essentially forcing a failover for DHCP clients during the main DNS
> > maintenance)
> >
> > How can I achieve this?
>
> Something like
>
> #ACTION         SOURCE                  DEST     PROTO   DEST    SOURCE
>       ORIGINAL
> #                                                        PORT    PORT(S)
>        DEST
> DNAT            lan         dns:192.168.20.117     -       -       -
>        192.168.20.116
>
> I think you'd need to be sure that *all* dns queries go via the router, in
> both
> directions, which means "lan" hosts need to be on a different subnet than
> the
> DNS.
>
> If they're not, maybe you can change the subnet mask to /32 before the
> maintenance (by "before" I mean more than max DHCP lease interval before).
>
> Alternately, you could migrate DNS services to a new "high availability" IP
> (say, 192.168.20.53), which is assigned as a 2nd/virtual/alias IP
> (eth1:dns) on
> the existing interface.  You'd update dhcpd.conf (and wait DHCP lease
> interval)
> for dynamic hosts, and resolv.conf for static servers.  Before the
> maintenance,
> you'd ifdown eth1:dns on the active server and ifup eth1:dns on the standby
> server.  pacemaker is the tool I've used which automates that process.
>
> Justin
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>



-- 
*Stack* is the new term for "I have no idea what I'm actually using".

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to