I am using two different ISPs.
With ISP 1 I am using a private DNS server.
With ISP 2 I am using a public DNS server (8.8.8.8).
My problem is that when the 1st ISP is down, I am not able to use the internet.
I am getting the following error:
server can't google.com REFUSED in clearos
Is there any way to resolve this problem?
vi /etc/resolv.conf
nameserver 127.0.0.1
vi /etc/resolv-peerdns.conf
nameserver a.b.c.d(private DNS)
nameserver 8.8.8.8
Responses (11)
Accepted Answer
Is your ISP blocking GoogleDNS? Or do they mandate the use of their DNS servers? Can you try OpenDNS (208.67.222.222 and 208.67.220.220)?
Only if that fails, try setting your primary DNS to 8.8.8.8 and adding a firewall rule like:
$IPTABLES -w -t nat -I OUTPUT -p udp --dport 53 -o your_WAN1_interface -j DNAT --to-destination your_ISP1_DNS_server
If you do it from the command line for testing, change $IPTABLES to iptables.
If this works, you should also add a tcp rule.
Accepted Answer
If I use the DNS configuration below:
vi /etc/resolv-peerdns.conf
nameserver 8.8.8.8
nameserver a.b.c.d(private DNS)
The above configuration works only if ISP 1 is down and ISP 2 is up.
If ISP 1 comes up then the DNS resolution problem occurs, i.e. I am not able to access the internet if ISP 1 comes up.
Can you describe what DNS lookup fail over is? When can I configure it?
Accepted Answer
Please stop using the private DNS. It is not helping you. Especially as you note it works when you give GoogleDNS priority. You've done all the diagnosis but refuse to accept the conclusion.
If the private DNS gives the wrong type of response when accessed through WAN2, then DNS lookups will not fail over. Guess what? That is what you're seeing.
Even if DNS lookups did fail over, you'd need to wait for each individual lookup to fail before it uses GoogleDNS for that lookup. It will give you very poor response times when WAN1 fails.
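Added example (not part of the thread or of ClearOS): a probe that queries a nameserver directly and separates the two outcomes discussed above, a server that replies with REFUSED versus one that does not reply at all. The `source` parameter, the fixed query ID and the sample reply bytes are assumptions constructed for illustration.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QID = 0x1234  # arbitrary query ID, echoed back by the server

def build_query(name, qid=QID):
    """Minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_reply(reply, qid=QID):
    """Name the RCODE of a reply; anything that is not our reply is MALFORMED."""
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit clear
        return "MALFORMED"
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

def probe(server, name="google.com", source=None, port=53, timeout=2.0):
    """One UDP query to `server`; returns an RCODE name, TIMEOUT or UNREACHABLE.

    `source` binds to one WAN's local address; whether that selects the WAN
    depends on the box's policy routing (assumption, not stated in the thread).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            if source:
                s.bind((source, 0))
            s.connect((server, port))
            s.send(build_query(name))
            return classify_reply(s.recv(512))
        except socket.timeout:
            return "TIMEOUT"  # no reply at all: the case a resolver waits out
        except OSError as exc:
            return "UNREACHABLE: %s" % exc.strerror

# Constructed sample: 12-byte header of a reply with QR=1, RD=1, RA=1, RCODE=5
SAMPLE_REFUSED = struct.pack("!HHHHHH", QID, 0x8185, 1, 0, 0, 0)

if __name__ == "__main__":
    for server in sys.argv[1:]:
        print(server, probe(server))
```

Run it with each address from /etc/resolv-peerdns.conf as an argument, once with WAN1 up and once with it down, and compare the results.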
Accepted Answer
I am not using the proxy in transparent mode. I have to configure the proxy settings in every client browser to access the internet.
When WAN 1 is down, if I put the public DNS (8.8.8.8) above the private DNS then the internet works fine.
Change this:
vi /etc/resolv-peerdns.conf
nameserver a.b.c.d(private DNS)
nameserver 8.8.8.8
to this:
vi /etc/resolv-peerdns.conf
nameserver 8.8.8.8
nameserver a.b.c.d(private DNS)
[root@proxy ~]# lspci -k | grep Eth -A 3
0b:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
Subsystem: IBM Device 03a9
Kernel driver in use: bnx2
Kernel modules: bnx2
0b:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
Subsystem: IBM Device 03a9
Kernel driver in use: bnx2
Kernel modules: bnx2
Accepted Answer
I think you should still configure DNS servers in the clients. At least set it to your ClearOS LAN IP.
You cannot rely on the transparent proxy as it does not work with https. While troubleshooting, please turn off the proxy. You may also want to turn on the DHCP server as well. There is no reason you can't use it alongside the proxy in the future.
Please also give up on the private DNS server. Again, while troubleshooting please use public DNS servers.
What do you see in /var/log/syswatch when LAN1 goes down?
Also please give the output of "ipconfig /all" from a Windoze client.
Assuming ClearOS 7 please also give the output to:
ifconfig | grep flags -A 1
lspci -k | grep Eth -A 3
.... and please put the results between code tags (the piece of paper icon with a <> on it)
Accepted Answer
When WAN1 is down I am not able to access the internet. When I access the internet on a client system it generates an error that it is unable to resolve that domain.
When I run nslookup in ClearOS it shows a DNS REFUSED error.
I have configured ClearOS in Non-Transparent + No User Authentication mode.
That is why I have not configured a DNS server on the client systems, only the IP address, subnet mask and gateway manually.
In /etc/dnsmasq.d/dhcp.conf:
[root@proxy ~]# vi /etc/dnsmasq.d/dhcp.conf
read-ethers
~
~
~
~
~
nothing is there
[root@proxy ~]# vi /etc/dnsmasq.conf
bogus-priv
cache-size=5000
conf-dir=/etc/dnsmasq.d
dhcp-authoritative
dhcp-lease-max=1000
domain-needed
domain=jkd.cctns.in
expand-hosts
no-negcache
port=53
resolv-file=/etc/resolv-peerdns.conf
strict-order
user=nobody
~
vi /etc/resolv-peerdns.conf
nameserver a.b.c.d(private DNS) provided by ISP 1 for accessing internet
nameserver 8.8.8.8
Accepted Answer
Are you saying that when WAN1 goes down ClearOS is OK accessing the internet but not the LAN? If that is the case which DNS servers do your LAN devices use? Are they manually configured or do they get their DHCP servers from ClearOS by DHCP?
From a Windoze PC, what is the output of "ipconfig /all"?
From ClearOS, what is the contents of /etc/dnsmasq.d/dhcp.conf?