DNS not resolving on failover WAN

I have two WAN connections from different suppliers (different IPs, subnets and DNS records). I'm using two different routes to set up a failover, which is working well except that when I switch to WAN2 web pages don't load; we get DNS failure-to-resolve errors. I can ping IP addresses successfully though.

I'm guessing it's because the DNS records of both WANs are different. Any advice?

I’m assuming you mean DNS lookups/queries are failing over WAN2? If so, are you using ISP DNS or using something like Google, OpenDNS, UltraDNS, etc?

If using ISP DNS, keep in mind some ISPs block resolution from IPs outside their network. If you are trying to resolve DNS from ISP2 using DNS servers that belong to ISP1, it probably won't work.

Sorry, yes, I meant the DNS lookups are failing. Do you know if there is a workaround for this?

Your workaround would be to use public DNS servers instead of your ISP's DNS servers. It's unlikely your ISP will allow queries from outside of their IP space.

A lot of people will recommend either OpenDNS (208.67.222.222 and 208.67.220.220) or Google DNS (8.8.8.8 and 8.8.4.4). There are countless others.

Thanks, I was just about to reply as I saw your message. I hadn't created a src-nat rule in the firewall for WAN2. Once I created that it worked perfectly.

On sites with multiple WAN interfaces and different ISPs (therefore different DNS), I add a specific route for each DNS server so it always uses the correct ISP.

With respect to failover, a script to change the DNS may be a useful approach.

Using 8.8.8.8 or 8.8.4.4 does work, but some CDNs do not like it and serve content from distant sites rather than local (faster) ones, e.g. Microsoft Update, YouTube, etc.
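A small diagnostic that tests the behaviour discussed in this thread (an ISP resolver silently dropping or refusing queries that arrive from the other ISP's address space) by sending one raw DNS query from a chosen WAN source address and classifying the reply. This is an added example, not code from anyone in the thread; the IP addresses in the main block are constructed placeholders, and it assumes the host's policy routing actually sends packets with a given WAN source address out of that WAN.

```python
"""Probe whether a DNS resolver answers a query sent from a given WAN source address."""
import socket
import struct

def build_query(name: str, txid: int) -> bytes:
    """Build a minimal standard DNS query for an A record with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data: bytes, txid: int):
    """Return (rcode, answer_count), or None if the reply does not match our query."""
    if len(data) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:   # wrong transaction id or not a response
        return None
    return flags & 0x000F, ancount

def probe(resolver: str, source_ip: str, name: str = "example.com", timeout: float = 2.0) -> str:
    """Send one query from source_ip to resolver and classify the outcome."""
    txid = 0x1234  # fixed id is acceptable for a one-off diagnostic query
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.bind((source_ip, 0))   # query leaves with this WAN's address as source
        sock.sendto(build_query(name, txid), (resolver, 53))
        parsed = parse_response(sock.recv(512), txid)
    except socket.timeout:
        return "timeout"            # typical when the ISP resolver silently drops off-net sources
    except OSError as exc:
        return f"error: {exc}"
    finally:
        sock.close()
    if parsed is None:
        return "bad-reply"
    rcode, ancount = parsed
    if rcode == 5:
        return "refused"            # explicit REFUSED: resolver rejects this source address
    return "ok" if rcode == 0 and ancount > 0 else f"rcode={rcode}"

if __name__ == "__main__":
    # Constructed placeholder addresses: substitute each WAN's own IP and each ISP's resolver.
    for wan_ip in ("192.0.2.10", "198.51.100.10"):
        for resolver in ("8.8.8.8", "203.0.113.53"):
            print(f"{wan_ip} -> {resolver}: {probe(resolver, wan_ip)}")
```

A "timeout" or "refused" result from WAN2 against ISP1's resolver, with "ok" from WAN1, confirms the blocking described above and is the case a per-resolver route or a DNS-switching failover script is meant to handle.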