On Wednesday, 3 August 2011, 10:42:09, Jamie Begin wrote:
> I'm using Shorewall with a load-balanced multi-ISP config along with LSM for
> failover. It's working great, except for DNS requests. I'd appreciate some
> advice on how to best configure this.
>
> The WAN connections are a T1 through XO and a cable connection through
> Comcast. About 80% of the traffic is routed out the Comcast connection
> under normal connections. I would like to ensure that DNS requests that
> leave the Comcast interface are routed to Comcast's DNS servers and vice
> versa for XO. I know I can add some entries in tc-rules, but this only
> solves part of the problem. It still requires that clients know which DNS
> server to request. But since the client has no idea which WAN interface the
> request will travel through, it can't know whether to send the lookup to
> Comcast or XO's DNS server.
>
> I suspect that I need to do some type of outgoing NAT. But I'm not sure if
> I'm over-complicating things. And if I'm not, how do I configure something
> like this? Thanks!

Hello Jamie,

you can try to split the dns "questions" with dnsmasq, if you have a provider
config where you split the traffic by domain.

# dnsmasq.conf
# ask comcast for comcast domains
server=/comcast.com/68.87.29.164

(So you move the problem from the client to the server.)

Hope that helps a little bit.

Best regards
Jörg

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
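
Added example (not part of the original post and not dnsmasq's own code): a simplified Python model of how per-domain `server=` lines like the one in the reply select an upstream resolver, using longest-suffix matching on label boundaries. Only 68.87.29.164 comes from the post; `xo.example`, 192.0.2.53, 198.51.100.1 and the function names are constructed placeholders.

```python
# Simplified model of dnsmasq "server=" selection (added example).
# Constructed sample config: only 68.87.29.164 is taken from the post,
# the other domain and addresses are documentation placeholders.
SAMPLE_CONF = """\
# dnsmasq.conf
server=/comcast.com/68.87.29.164
server=/xo.example/192.0.2.53
server=198.51.100.1
"""


def parse_servers(conf_text):
    """Return (domain_map, defaults) built from 'server=' lines."""
    domain_map, defaults = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue  # comments and unrelated options
        value = line[len("server="):]
        if value.startswith("/"):
            # Form: /domain[/domain...]/address
            *domains, addr = value[1:].split("/")
            for d in domains:
                domain_map[d.lower().rstrip(".")] = addr
        else:
            defaults.append(value)  # unrestricted upstream
    return domain_map, defaults


def upstream_for(qname, domain_map, defaults):
    """Most specific matching domain wins; otherwise use the defaults."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest suffix first
        suffix = ".".join(labels[i:])
        if suffix in domain_map:
            return [domain_map[suffix]]
    return list(defaults)


if __name__ == "__main__":
    dmap, dflt = parse_servers(SAMPLE_CONF)
    for name in ("mail.comcast.com", "notcomcast.com", "www.example.org"):
        print(name, "->", upstream_for(name, dmap, dflt))
```

Names outside the listed domains fall through to the default servers, so the per-domain split only pins lookups for the ISP-specific zones.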
