 From:  krt <kkrrtt at gmail dot com>
 To:  Aaron Cherman <aaronc at morad dot ab dot ca>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How are DNS Server Addresses Treated?
 Date:  Mon, 14 May 2007 23:31:40 -0700
On m0n0wall, DNS queries are sequential and not subsequent.  The order 
of the hosts matters.  You can verify this by placing a sniffer in 
between your m0n0wall and your DNS servers.

This is the common UNIX method.  It is not like the Microsoft method of 
Scattershot DNS and take the first return.

dnsmasq polls servers in the same fashion.

DNS queries are a client generated event.  In m0n0wall (FreeBSD) and 
other UNIX variants, you'll find that the default timeout period for a 
DNS response is 30 seconds.

Microsoft (and others) do a new trick, where they try all servers in the 
list at the same time, or nearly the same time.  They will take the 
first response and move on.  It's an interesting way to speed up DNS, in 
the event that one of the defined servers has failed.

dnsmasq has the same timeout values that I've observed.

What I would do is this:

On your m0n0wall, set its primary DNS server to your dnsredirector server.

Since m0n0wall requires dnsmasq for captive portal functions, you will 
have to use dnsmasq.  dnsmasq uses the same server list as the m0n0wall 
and will also use the dnsredirector as the primary DNS.

I would then go and set some regular DNS servers as secondary and 
tertiary for failover in the event that the dnsredirector box goes away.

This ensures that all of your customers go through the very neat 
dnsredirector box, and perhaps you can do more with it down the road in 
addition to solving the service outage notification problem and saving 
all of those false truck rolls and CHURN.

I hope this helps and that I've not missed something.

-- krt

Aaron Cherman wrote:
> Okay, this is further to my project of having a web page show up for our WiSP customers in the
> event that our incoming fiber goes down - see "Captive Portal While Service Unavailable".
> I have found a software app (www.dnsredirector.com) that has the ability to redirect requests as
> per defined rules.  This could work if m0n0wall can't see its primary DNS servers and then looks to
> this server.  My question is how does m0n0wall deal with the DNS server list.  Does it always look
> for the first entry first, then second entry second, and so on?  Could I enter this server's address
> as the fourth in config.xml?  And what is the timeout before moving on?
> Thanks again for everyone's help.
> Aaron
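The two resolver behaviours discussed in this thread (try the servers one at a time and wait out a timeout before moving on, versus send to all of them at once and take the first reply) as an added worked example in Python. This is not code from the thread, from m0n0wall or from dnsmasq; it stands up fake DNS servers on 127.0.0.1 (two that drop every query, one that answers), builds a minimal DNS query packet, and times both client strategies against the same server list. The fake servers, the packet layout and the 0.3 second per-server timeout are constructed for the demonstration and say nothing about the timeout any real resolver is configured with.

```python
"""Sequential vs. "scattershot" DNS server selection against fake local servers.
Added example; not m0n0wall or dnsmasq code. All servers and timeouts here are
constructed for the demonstration."""
import socket
import struct
import threading
import time


def build_query(name, qid=0x1234):
    """Minimal DNS query: 12-byte header, QNAME labels, QTYPE A (1), QCLASS IN (1)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)


def fake_server(answer):
    """Start a UDP "DNS server" on 127.0.0.1 with an ephemeral port (constructed).
    answer=True: echo the query back with the QR bit set, i.e. a response.
    answer=False: silently drop every query, mimicking a dead server.
    Returns ((ip, port), stop_event)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    sock.settimeout(0.05)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                data, peer = sock.recvfrom(512)
            except socket.timeout:
                continue
            if answer:
                # Flags are bytes 2-3; the high bit of byte 2 is QR (1 = response).
                sock.sendto(data[:2] + bytes([data[2] | 0x80]) + data[3:], peer)
        sock.close()

    threading.Thread(target=serve, daemon=True).start()
    return sock.getsockname(), stop


def is_reply_to(data, query):
    """A reply must carry the query's ID and have the QR bit set."""
    return data[:2] == query[:2] and bool(data[2] & 0x80)


def resolve_sequential(servers, query, timeout):
    """Ask each server in list order, waiting up to `timeout` seconds for a reply
    before moving to the next. Returns (answering_server, servers_tried, elapsed)."""
    start = time.monotonic()
    tried = []
    for srv in servers:
        tried.append(srv)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, srv)
            try:
                data, _ = s.recvfrom(512)
            except socket.timeout:
                continue  # dead server: the full timeout was paid before moving on
            if is_reply_to(data, query):
                return srv, tried, time.monotonic() - start
    return None, tried, time.monotonic() - start


def resolve_parallel(servers, query, timeout):
    """Send the query to every server at once and take the first valid reply.
    Returns (answering_server, elapsed)."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for srv in servers:
            s.sendto(query, srv)
        while time.monotonic() < start + timeout:
            try:
                data, peer = s.recvfrom(512)
            except socket.timeout:
                break
            if is_reply_to(data, query):
                return peer, time.monotonic() - start
    return None, time.monotonic() - start


def demo(timeout=0.3):
    """Two dead servers listed ahead of one live one. The sequential client pays one
    full timeout per dead server before reaching the live one; the parallel client
    gets its answer as soon as the live server replies."""
    dead1, stop1 = fake_server(answer=False)
    dead2, stop2 = fake_server(answer=False)
    live, stop3 = fake_server(answer=True)
    servers = [dead1, dead2, live]
    query = build_query("www.example.com")
    seq = resolve_sequential(servers, query, timeout)
    par = resolve_parallel(servers, query, timeout)
    for ev in (stop1, stop2, stop3):
        ev.set()
    return {"servers": servers, "sequential": seq, "parallel": par}


if __name__ == "__main__":
    result = demo()
    print("order tried:", result["sequential"][1])
    print("sequential answered by %s after %.2fs" % (result["sequential"][0], result["sequential"][2]))
    print("parallel answered by %s after %.2fs" % (result["parallel"][0], result["parallel"][1]))
```

Running it shows the point krt makes about order: the sequential client only reaches the third server after waiting out the timeout on each of the first two, so where you place a fallback in the list decides how long clients stall when the servers ahead of it are down. The same ordering effect is what a sniffer between the firewall and its DNS servers would show, one query at a time, in list order.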