Using AD DNS via Site-To-Site w/ Use-Peer-DNS OFF

I have a network setup where I have multiple sites connected into a primary hub location for a Site-To-Site. This works great. All network functionality works great.

The need is to be able to set the remote site DNS servers to my internal subnet that is providing the DNS records for lookup. In this case that is 10.0.0.3. Unfortunately, my remote sites use non-static IP addresses. On my sites with static IP addresses, this is no problem, and I set up a NetWatch to bounce the DNS between the hub and the local ISP in the event that the DNS servers drop.

I have found that if I disable use-peer-dns through the dhcp-client and set my DNS servers to 10.0.0.3 manually, I can again use NetWatch to bounce between my local DNS and the ISP DNS in the event of an outage, and everything works perfectly. The problem is that if the router itself ever reboots fully, the internet completely stops working and the router becomes inaccessible except from that site's local network.

It appears the router requires something about the use-peer-dns to allow it to start up correctly. Does anyone know a way around this problem? Or why this problem is occurring?

Thanks!

Maybe it’s just me, but it doesn’t seem clear what exactly you do. Some more info could help, how exactly is everything connected, what kind of tunnels are used, what addresses are where, …

Did this on the fly; let me know if it helps. I can clarify further.
diagram.png
Because sites 3978 and 8794 are dynamic, I have to disable use-peer-dns to allow the manually set DNS records to take effect. This gets me the desired outcome of having the system check my DNS servers for the appropriate records. But as soon as the router located at 3978/8794 reboots with those settings set to NO, the system never recovers until they are turned back on and the system is rebooted again. I need to be able to establish the local DNS connection in a way that the routers can reboot and come back up successfully.

Firewall is good. Communication is good. Everything checks out. It's just that when those settings are in place, rebooting is not possible.

It’s better. As I understand it, the problem could be that L2TP client connects to hostname and when you reboot the router while it has 10.0.0.3 as DNS server, it can’t resolve it and can’t connect. And if ISP’s DNS is dynamic, you don’t know what address should netwatch set as DNS. Did I get it right?

If so, my first idea was to check DHCP lease script and hopefully there would be DNS address even with the peer DNS option disabled, but according to manual it’s not there at all. Another solution, even easier in fact, would be to temporarily use some public resolver (e.g. 8.8.8.8) if nothing better is available.

edit: Well, not really temporarily, because with peer DNS option disabled, you wouldn’t know what it is. But since 10.0.0.3 is supposed to be the main one, public resolver would be only a backup and I don’t see any problem using it.
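As an added illustration (not config posted by anyone in this thread), here is what the suggested setup looks like in RouterOS terminal syntax on one of the dynamic-IP spoke routers. It assumes the WAN DHCP client is on ether1, the hub AD DNS server is 10.0.0.3 reachable only over the L2TP tunnel, and 8.8.8.8 is the public backup resolver; all three are assumptions taken from the thread, not verified values.

```routeros
# Stop the DHCP client from overwriting the static resolver list on every lease renewal.
/ip dhcp-client set [find interface=ether1] use-peer-dns=no

# Hub AD DNS first, public resolver as backup. Because 8.8.8.8 is reachable over the
# bare WAN, the L2TP client can still resolve the hub hostname after a cold reboot,
# before the tunnel (and therefore 10.0.0.3) is available.
/ip dns set servers=10.0.0.3,8.8.8.8 allow-remote-requests=yes

# Optional: keep the OP's NetWatch pattern so the preferred resolver follows tunnel health.
/tool netwatch add host=10.0.0.3 interval=30s timeout=2s \
    up-script="/ip dns set servers=10.0.0.3,8.8.8.8" \
    down-script="/ip dns set servers=8.8.8.8,10.0.0.3"

# allow-remote-requests=yes turns the router into a resolver for LAN clients, so make sure
# DNS is not reachable from the WAN side (adjust the interface list name to your own).
/ip firewall filter add chain=input in-interface-list=WAN protocol=udp dst-port=53 action=drop
/ip firewall filter add chain=input in-interface-list=WAN protocol=tcp dst-port=53 action=drop
```

Two caveats worth checking after applying this: first, while the hub is down and 8.8.8.8 is the active resolver, lookups for internal AD names will be sent to the public resolver and will fail (and leak the queried hostnames outside the tunnel), so NetWatch should flip back promptly once the tunnel returns; second, confirm with `/ip dns print` after a reboot that the servers list still reads as set, which is the quickest way to verify the DHCP client is no longer overriding it.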

I verbalized a very loud "duh" after reading your comment, thank you. The Google DNS worked perfectly.