I am using two different ISPs.

With ISP 1 I am using a private DNS server.
With ISP 2 I am using a public DNS server (8.8.8.8).

My problem is that when the 1st ISP is down I am not able to use the internet.

I am getting the following error:
server can't google.com REFUSED in clearos

Is there any way to resolve this problem?


vi /etc/resolv.conf
nameserver 127.0.0.1


vi /etc/resolv-peerdns.conf
nameserver a.b.c.d(private DNS)
nameserver 8.8.8.8
Wednesday, December 07 2016, 04:16 PM
Responses (11)
  • Accepted Answer

    Friday, December 09 2016, 08:52 PM - #Permalink
    Resolved
    0 votes
    I don't know what is needed for DNS failover. I suspect it is a null response rather than a "go away" type of response such as your ISP seems to be giving. I'll let you research the details.
  • Accepted Answer

    Friday, December 09 2016, 08:41 PM - #Permalink
    Resolved
    0 votes
    Is your ISP blocking GoogleDNS? Or do they mandate the use of their DNS servers? Can you try OpenDNS (208.67.222.222 and 208.67.220.220)?

    Only if that fails, try setting your primary DNS to 8.8.8.8 and adding a firewall rule like:
    $IPTABLES -w -t nat -I OUTPUT -p udp --dport 53 -o your_WAN1_interface -j DNAT --to-destination your_ISP1_DNS_server
    If you do it from the command line for testing, change $IPTABLES to iptables.

    If this works, you should also add a tcp rule.
  • Accepted Answer

    Friday, December 09 2016, 07:19 PM - #Permalink
    Resolved
    0 votes
    If I use the DNS configuration below:

    vi /etc/resolv-peerdns.conf
    nameserver 8.8.8.8
    nameserver a.b.c.d(private DNS)


    The above configuration works only if ISP 1 is down and ISP 2 is up.

    If ISP 1 comes up then the DNS resolution problem occurs, i.e. I am not able to access the internet if ISP 1 comes up.


    Can you describe what DNS lookup failover is? When can I configure it?
  • Accepted Answer

    Friday, December 09 2016, 07:02 PM - #Permalink
    Resolved
    0 votes
    Please stop using the private DNS. It is not helping you. Especially as you note it works when you give googledns priority. You've done all the diagnosis but refuse to accept the conclusion.

    If the private DNS gives the wrong type of response when accessed through WAN2, then DNS lookups will not fail over. Guess what? That is what you're seeing.

    Even if DNS lookups did fail over, you'd need to wait for each individual lookup to fail before it uses GoogleDNS for that lookup. It will give you very poor response times when WAN1 fails.
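The diagnosis in the reply above depends on how each upstream answers: an explicit status such as REFUSED, or no answer at all. The following is an added example, not code from the thread or from ClearOS, that queries every `nameserver` in the dnsmasq resolv-file directly and prints one status per server. It assumes `dig` is installed; the 2-second timeout, single try and the `--run` switch are choices made for this example.

```shell
#!/bin/sh
# Added example: show how each upstream in a resolv-file answers a direct query.

# Print the address from every "nameserver" line of the given file.
list_upstreams() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Reduce dig output on stdin to one word: the header status
# (NOERROR, REFUSED, SERVFAIL, ...), TIMEOUT, or UNKNOWN.
classify_dig() {
    awk '
        /status:/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") {
                    s = $(i + 1); sub(/,$/, "", s)
                    print s; found = 1; exit
                }
        }
        /timed out|no servers could be reached/ { print "TIMEOUT"; found = 1; exit }
        END { if (!found) print "UNKNOWN" }
    '
}

# Query each upstream once and print "<server> <status>" per line.
# $1: resolv file (default is the one named in the thread), $2: name to look up.
probe_upstreams() {
    resolv_file=${1:-/etc/resolv-peerdns.conf}
    name=${2:-google.com}
    for server in $(list_upstreams "$resolv_file"); do
        status=$(dig "@$server" "$name" A +time=2 +tries=1 2>&1 | classify_dig)
        echo "$server $status"
    done
}

# Run against the live file only when asked to: sh probe.sh --run
if [ "${1:-}" = "--run" ]; then
    probe_upstreams
fi
```

Run it once with WAN1 up and once with WAN1 down; a server that reports REFUSED in one state and NOERROR in the other is answering differently depending on the path the query takes.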
  • Accepted Answer

    Friday, December 09 2016, 06:27 PM - #Permalink
    Resolved
    0 votes
    I am not using the proxy in transparent mode. I have to configure proxy settings in every client browser for accessing the internet.

    When WAN 1 is down, if I put the public DNS (8.8.8.8) above the private DNS then the internet works fine.

    Change this:
    vi /etc/resolv-peerdns.conf
    nameserver a.b.c.d(private DNS)
    nameserver 8.8.8.8


    to this:
    vi /etc/resolv-peerdns.conf
    nameserver 8.8.8.8
    nameserver a.b.c.d(private DNS)


    [root@proxy ~]# lspci -k | grep Eth -A 3
    0b:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
    Subsystem: IBM Device 03a9
    Kernel driver in use: bnx2
    Kernel modules: bnx2
    0b:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20)
    Subsystem: IBM Device 03a9
    Kernel driver in use: bnx2
    Kernel modules: bnx2
  • Accepted Answer

    Friday, December 09 2016, 05:25 PM - #Permalink
    Resolved
    0 votes
    I think you should still configure DNS servers in the clients. At least set it to your ClearOS LAN IP.

    You cannot rely on the transparent proxy as it does not work with https. While troubleshooting, please turn off the proxy. You may also want to turn on the DHCP server as well. There is no reason you can't use it alongside the proxy in the future.

    Please also give up on the private DNS server. Again, while troubleshooting please use public DNS servers.

    What do you see in /var/log/syswatch when LAN1 goes down?

    Also please give the output of "ipconfig /all" from a Windoze client.

    Assuming ClearOS 7 please also give the output to:
    ifconfig | grep flags -A 1
    lspci -k | grep Eth -A 3
    .... and please put the results between code tags (the piece of paper icon with a <> on it)
  • Accepted Answer

    Friday, December 09 2016, 05:04 PM - #Permalink
    Resolved
    0 votes
    [quote]Nick Howitt wrote:


    When WAN1 is down I am not able to access the internet. When I access the internet on a client system it generates an error that it is unable to resolve that domain.
    When I run nslookup in ClearOS it shows a DNS REFUSED error.

    I have configured ClearOS in Non-Transparent + No User Authentication mode.

    That is why I have not configured a DNS server on the client systems, only the IP address, subnet mask and gateway, manually.


    In /etc/dnsmasq.d/dhcp.conf

    [root@proxy ~]# vi /etc/dnsmasq.d/dhcp.conf
    read-ethers
    ~
    ~
    ~
    ~
    ~

    nothing is there



    [root@proxy ~]# vi /etc/dnsmasq.conf
    bogus-priv
    cache-size=5000
    conf-dir=/etc/dnsmasq.d
    dhcp-authoritative
    dhcp-lease-max=1000
    domain-needed
    domain=jkd.cctns.in
    expand-hosts
    no-negcache
    port=53
    resolv-file=/etc/resolv-peerdns.conf
    strict-order
    user=nobody
    ~

    vi /etc/resolv-peerdns.conf
    nameserver a.b.c.d(private DNS) provided by ISP 1 for accessing internet
    nameserver 8.8.8.8
  • Accepted Answer

    Thursday, December 08 2016, 05:30 PM - #Permalink
    Resolved
    0 votes
    Are you saying that when WAN1 goes down ClearOS is OK accessing the internet but not the LAN? If that is the case which DNS servers do your LAN devices use? Are they manually configured or do they get their DHCP servers from ClearOS by DHCP?

    From a Windoze PC, what is the output of "ipconfig /all"?
    From ClearOS, what is the contents of /etc/dnsmasq.d/dhcp.conf?
  • Accepted Answer

    Thursday, December 08 2016, 04:24 PM - #Permalink
    Resolved
    0 votes
    [quote]Nick Howitt wrote:


    The purpose of the private DNS is for accessing the internet. It is our LAN, which is not reachable from ISP 2.
    I have already tried Google DNS and OpenDNS; they are not working at all.

    Can I set the private DNS (x.x.x.x) for ISP 1 and 8.8.8.8 for ISP 2?
  • Accepted Answer

    Thursday, December 08 2016, 04:10 PM - #Permalink
    Resolved
    0 votes
    The purpose of the private DNS is for accessing the internet. It is given by ISP 1.
    The DNS given by ISP 1 is only accessible from its LAN.

    It is not reachable from ISP 2.

    I have already tried Google DNS and OpenDNS but it is not working at all.
  • Accepted Answer

    Wednesday, December 07 2016, 06:55 PM - #Permalink
    Resolved
    1 votes
    What is the purpose of the private DNS? Is it on your LAN or on the internet? Is it reachable via ISP2? Have you tried setting the private DNS to 8.8.4.4 (Google's other server) just to see what happens?