On Aug 3, 2011, at 12:25 PM, Ed W wrote:

> On 03/08/2011 16:49, Tom Eastep wrote:
>>
>> On Aug 3, 2011, at 7:42 AM, Jamie Begin wrote:
>>
>>> I'm using Shorewall with a load-balanced multi-ISP config along with
>>> LSM for failover. It's working great, except for DNS requests. I'd
>>> appreciate some advice on how to best configure this.
>>>
>>> The WAN connections are a T1 through XO and a cable connection through
>>> Comcast. About 80% of the traffic is routed out the Comcast
>>> connection under normal connections. I would like to ensure that DNS
>>> requests that leave the Comcast interface are routed to Comcast's DNS
>>> servers and vice versa for XO. I know I can add some entries in
>>> tc-rules, but this only solves part of the problem.
> ...
>
>> I suggest that you run a caching-only name server on the firewall and
>> not bother with your ISPs' name servers.
>
> ...
>
>
> This still leaves you the problem of what to do if a client isn't
> configured to use the caching nameserver on the firewall... (DHCP might
> help of course)

If hosts behind the gateway are configuring their own name servers, there are more basic problems with the installation than the multi-ISP issue.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
