On Sun, Aug 19, 2018 at 06:29:28PM +0200, David Ventura wrote:
> I would like to redirect (LAN) DNS requests to a different LAN server
> (essentially forcing a failover for DHCP clients during the main DNS
> maintenance)
>
> How can I achieve this?
Something like

#ACTION   SOURCE   DEST                  PROTO   DEST     SOURCE    ORIGINAL
#                                                PORT     PORT(S)   DEST
DNAT      lan      dns:192.168.20.117    -       -        -         192.168.20.116

I think you'd need to be sure that *all* dns queries go via the router, in both directions, which means "lan" hosts need to be on a different subnet than the DNS. If they're not, maybe you can change the subnet mask to /32 before the maintenance (by "before" I mean more than max DHCP lease interval before).

Alternately, you could migrate DNS services to a new "high availability" IP (say, 192.168.20.53), which is assigned as a 2nd/virtual/alias IP (eth1:dns) on the existing interface. You'd update dhcpd.conf (and wait DHCP lease interval) for dynamic hosts, and resolv.conf for static servers. Before the maintenance, you'd ifdown eth1:dns on the active server and ifup eth1:dns on the standby server. pacemaker is the tool I've used which automates that process.

Justin
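As an added example (not from Justin's post, Shorewall, or pacemaker), a small POSIX shell script for the alias-IP move described in the second approach: the active server releases the service IP, the standby claims it only if nobody on the LAN still answers for it, announces the move with gratuitous ARP so clients and the router drop the old server's MAC, and then checks that the new holder really answers DNS. The VIP 192.168.20.53 and interface eth1 come from the post; the /24 prefix, the probe name, and the presence of `ip`, `arping` (iputils) and `dig` are assumptions.

```shell
#!/bin/sh
# dns-vip-failover.sh (added example): move the DNS service IP between servers.
# Usage: dns-vip-failover.sh release|claim [VIP/prefix] [iface]
set -eu

VIP="${2:-192.168.20.53/24}"              # service IP from the post; /24 is assumed
IFACE="${3:-eth1}"
PROBE_NAME="${PROBE_NAME:-localhost.}"    # any name the server answers for; assumed

# Pure helper: accept only dotted-quad/prefix so a typo cannot feed junk to "ip addr".
valid_vip() {
    case "$1" in
        *[!0-9./]*|*..*|*/*/*|*/|/*) return 1 ;;
    esac
    addr="${1%/*}"; pfx="${1#*/}"
    [ "$addr" != "$1" ] || return 1                       # a prefix is required
    [ "$pfx" -ge 0 ] 2>/dev/null && [ "$pfx" -le 32 ] || return 1
    set -- $(printf '%s' "$addr" | tr '.' ' ')           # split octets
    [ $# -eq 4 ] || return 1
    for o; do [ "$o" -le 255 ] || return 1; done
}

release() {   # run on the server going into maintenance
    ip addr del "$VIP" dev "$IFACE" 2>/dev/null || true   # idempotent
}

claim() {     # run on the standby after the active server has released
    # Two holders of one IP means ARP flapping: refuse if the VIP still answers.
    if arping -c 2 -w 3 -I "$IFACE" "${VIP%/*}" >/dev/null 2>&1; then
        echo "refusing: ${VIP%/*} still answers on the LAN" >&2; return 1
    fi
    ip addr add "$VIP" dev "$IFACE"
    # Gratuitous ARP so neighbours replace the old server's MAC in their caches.
    arping -c 3 -U -I "$IFACE" "${VIP%/*}" >/dev/null 2>&1 || true
    # Only report success once the new holder actually serves DNS on the VIP.
    dig +short +time=2 +tries=1 "@${VIP%/*}" "$PROBE_NAME" >/dev/null
}

if [ $# -gt 0 ]; then
    valid_vip "$VIP" || { echo "bad VIP: $VIP" >&2; exit 2; }
    case "$1" in
        release) release ;;
        claim)   claim ;;
        *) echo "usage: $0 release|claim [VIP/prefix] [iface]" >&2; exit 2 ;;
    esac
fi
```

Run `release` on the active server first and `claim` on the standby second; the DHCP and resolv.conf changes from the post still have to be in place before the lease interval has elapsed.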