Hello,

I am trying to set up a multi-isp configuration (using latest bering-uClibc 3.1-beta1), and began reading the corresponding doc:
shorewall.net/3.0/MultiISP.html
I am not clear on how the DNS resolution happens if a DNS request from one provider goes to the other provider's name server. ISPs these days serve their customers alone and reject all requests outside their network.

1. As part of multi-isp setup, is it possible to have the DNS requests routed through a provider go to provider's DNS IPs?

2. Does listing all ISP's DNS IPs into /etc/resolv.conf help?

Appreciate any pointers or links.

Thanks
__
Seva
imap@adari.net wrote:
> Hello,
>
> I trying to setup multi-isp configuration (using latest bering-uClibc
> 3.1-beta1), and began reading the corresponding doc:
> shorewall.net/3.0/MultiISP.html
> I am not clear on how the DNS resolution happens if a DNS request
> from one provider goes to the other provider's name server. ISPs
> these days serve their customers alone and reject all requests
> outside their network.
>
> 1. As part of multi-isp setup, is it possible to have the DNS requests
> routed thru' a provider go to provider's DNS IPs?
>
> 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
>
> Appreciate any pointers or links.

DNS is not a special case -- it obeys the same rules as any other
connection.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ lists.shorewall.net/teastep.pgp.key
> > I trying to setup multi-isp configuration (using latest bering-uClibc
> > 3.1-beta1), and began reading the corresponding doc:
> > shorewall.net/3.0/MultiISP.html
> > I am not clear on how the DNS resolution happens if a DNS request
> > from one provider goes to the other provider's name server. ISPs
> > these days serve their customers alone and reject all requests
> > outside their network.
> >
> > 1. As part of multi-isp setup, is it possible to have the DNS requests
> > routed thru' a provider go to provider's DNS IPs?
> >
> > 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
> >
> > Appreciate any pointers or links.
>
> DNS is not a special case -- it obeys the same rules as any other
> connection.
>
> -Tom

Thanks for a prompt response Tom.

DNS not being a special case does make sense. Do you have any suggestions
on how to deal with the DNS look up failures when the requests are sent
to wrong provider?

Thanks
imap@adari.net wrote:
>>> I trying to setup multi-isp configuration (using latest bering-uClibc
>>> 3.1-beta1), and began reading the corresponding doc:
>>> shorewall.net/3.0/MultiISP.html
>>> I am not clear on how the DNS resolution happens if a DNS request
>>> from one provider goes to the other provider's name server. ISPs
>>> these days serve their customers alone and reject all requests
>>> outside their network.
>>>
>>> 1. As part of multi-isp setup, is it possible to have the DNS requests
>>> routed thru' a provider go to provider's DNS IPs?
>>>
>>> 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
>>>
>>> Appreciate any pointers or links.
>> DNS is not a special case -- it obeys the same rules as any other
>> connection.
>>
>> -Tom
>
> Thanks for a prompt response Tom.
>
> DNS not being special case does make sense. Do you have any suggestions
> on how to deal with the DNS look up failures when the requests are sent
> to wrong provider.

What does "request are sent to wrong provider" mean?

-Tom
> >>> I trying to setup multi-isp configuration (using latest bering-uClibc
> >>> 3.1-beta1), and began reading the corresponding doc:
> >>> shorewall.net/3.0/MultiISP.html
> >>> I am not clear on how the DNS resolution happens if a DNS request
> >>> from one provider goes to the other provider's name server. ISPs
> >>> these days serve their customers alone and reject all requests
> >>> outside their network.
> >>>
> >>> 1. As part of multi-isp setup, is it possible to have the DNS requests
> >>> routed thru' a provider go to provider's DNS IPs?
> >>>
> >>> 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
> >>>
> >>> Appreciate any pointers or links.
> >> DNS is not a special case -- it obeys the same rules as any other
> >> connection.
> >>
> >> -Tom
> >
> > Thanks for a prompt response Tom.
> >
> > DNS not being special case does make sense. Do you have any suggestions
> > on how to deal with the DNS look up failures when the requests are sent
> > to wrong provider.
>
> What does "request are sent to wrong provider" mean?
>
> -Tom

Let me give you an example:
isp1: DNS 1.2.3.4, 2.3.4.5
isp2: DNS 3.4.5.6, 4.5.6.7

Assume that we list all the above in /etc/resolv.conf file. When you
start the very first time, if using multi-isp, the request for DNS
resolution could go to either of the two ISPs. Assume that the request
goes to isp2 but the DNS server picked for resolution is 1.2.3.4.
This scenario is what I am referring to as 'wrong provider' (DNS
resolution point of view).

Thanks
imap@adari.net wrote:
>>>>> I trying to setup multi-isp configuration (using latest bering-uClibc
>>>>> 3.1-beta1), and began reading the corresponding doc:
>>>>> shorewall.net/3.0/MultiISP.html
>>>>> I am not clear on how the DNS resolution happens if a DNS request
>>>>> from one provider goes to the other provider's name server. ISPs
>>>>> these days serve their customers alone and reject all requests
>>>>> outside their network.
>>>>>
>>>>> 1. As part of multi-isp setup, is it possible to have the DNS requests
>>>>> routed thru' a provider go to provider's DNS IPs?
>>>>>
>>>>> 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
>>>>>
>>>>> Appreciate any pointers or links.
>>>> DNS is not a special case -- it obeys the same rules as any other
>>>> connection.
>>>>
>>>> -Tom
>>> Thanks for a prompt response Tom.
>>>
>>> DNS not being special case does make sense. Do you have any suggestions
>>> on how to deal with the DNS look up failures when the requests are sent
>>> to wrong provider.
>> What does "request are sent to wrong provider" mean?
>>
>> -Tom
>
> Let me give you an example:
> isp1: DNS 1.2.3.4, 2.3.4.5
> isp2: DNS 3.4.5.6, 4.5.6.7
>
> Assume that we list all the above in /etc/resolv.conf file. When you
> start the very first time, if using multi-isp, the request for DNS
> resolution could go to either of the two ISPs. Assume that the request
> goes to isp2 but the DNS server picked for resolution is 1.2.3.4.
> This scenario is what I am referring to as 'wrong provider' (DNS
> resolution point of view).
>

You might consider route_rules that route 1.2.3.4 and 2.3.4.5 out of
isp1 and 3.4.5.6 and 4.5.6.7 out of isp2.....

-Tom
imap@adari.net wrote:
>>>>> I trying to setup multi-isp configuration (using latest bering-uClibc
>>>>> 3.1-beta1), and began reading the corresponding doc:
>>>>> shorewall.net/3.0/MultiISP.html
>>>>> I am not clear on how the DNS resolution happens if a DNS request
>>>>> from one provider goes to the other provider's name server. ISPs
>>>>> these days serve their customers alone and reject all requests
>>>>> outside their network.
>>>>>
>>>>> 1. As part of multi-isp setup, is it possible to have the DNS requests
>>>>> routed thru' a provider go to provider's DNS IPs?
>>>>>
>>>>> 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
>>>>>
>>>>> Appreciate any pointers or links.
>>>> DNS is not a special case -- it obeys the same rules as any other
>>>> connection.
>>>>
>>>> -Tom
>>> Thanks for a prompt response Tom.
>>>
>>> DNS not being special case does make sense. Do you have any suggestions
>>> on how to deal with the DNS look up failures when the requests are sent
>>> to wrong provider.
>> What does "request are sent to wrong provider" mean?
>>
>> -Tom
>
> Let me give you an example:
> isp1: DNS 1.2.3.4, 2.3.4.5
> isp2: DNS 3.4.5.6, 4.5.6.7
>
> Assume that we list all the above in /etc/resolv.conf file. When you
> start the very first time, if using multi-isp, the request for DNS
> resolution could go to either of the two ISPs. Assume that the request
> goes to isp2 but the DNS server picked for resolution is 1.2.3.4.
> This scenario is what I am referring to as 'wrong provider' (DNS
> resolution point of view).
>

The exact procedure would depend on how you're using the dns services of
the isp's. Does just the firewall do the dns lookups or can every client
contact the isp's name servers? You can direct the lookups to the
correct isp to begin with, use tcrules or route_rules files. Off the top
of my head something like this in route_rules should work.

- <ip_of_dns_server> <providermark> 1000
- <ip_of_dns_server2> <providermark2> 1000
edit <> as required

This will cause all traffic to <ip_of_dns_server> to travel out that
isp's interface. You could be more selective if you use the tcrules
file, by marking just the traffic of the ports involved.

Jerry
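One way to check the result of the route_rules approach suggested above, as an added example that is not part of any post in the thread: the script compares the egress interface reported by `ip route get` for each resolver with the uplink it should use. The interface names (eth0 for isp1, eth1 for isp2) and the sample route lines are assumptions constructed for illustration; the resolver addresses are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that each ISP's resolvers
# leave through that ISP's uplink once route_rules are in place.
# ASSUMPTIONS: eth0 = isp1 uplink, eth1 = isp2 uplink; the gateway and
# source addresses below are constructed documentation addresses.

# Resolver -> expected egress interface (resolver IPs are the thread's).
EXPECTED='1.2.3.4 eth0
2.3.4.5 eth0
3.4.5.6 eth1
4.5.6.7 eth1'

# Constructed `ip route get` output. 1.2.3.4 is shown leaving via isp2,
# the "wrong provider" case described in the thread.
SAMPLE='1.2.3.4 via 198.51.100.1 dev eth1 src 198.51.100.10
2.3.4.5 via 192.0.2.1 dev eth0 src 192.0.2.10
3.4.5.6 via 198.51.100.1 dev eth1 src 198.51.100.10
4.5.6.7 via 198.51.100.1 dev eth1 src 198.51.100.10'

# Return the routing decision for one destination. With LIVE=1 the kernel
# is asked (policy rules included); otherwise the constructed sample is used.
route_get() {
    if [ "${LIVE:-0}" = 1 ]; then
        ip route get "$1" 2>/dev/null | head -n 1
    else
        printf '%s\n' "$SAMPLE" | awk -v a="$1" '$1 == a'
    fi
}

# Print the interface name that follows the "dev" keyword in a route line.
egress_dev() {
    set -- $1
    while [ $# -gt 1 ]; do
        if [ "$1" = dev ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# Report every resolver whose egress interface differs from the expected
# one. The return status is the number of misrouted resolvers.
check_dns_routes() {
    bad=0
    while read -r addr want; do
        [ -n "$addr" ] || continue
        got=$(egress_dev "$(route_get "$addr")") || got=none
        if [ "$got" != "$want" ]; then
            echo "MISROUTED $addr: expected $want, got $got"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

check_dns_routes || echo "fix route_rules before listing these resolvers"
```

Set LIVE=1 on the firewall to query the kernel's routing decision instead of the constructed sample.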
terry.gilsenan@interoil.com
2007-Nov-06 03:15 UTC
Re: [leaf-user] DNS resolution for Multi-ISP
imap@adari.net wrote:
>>>>> I trying to setup multi-isp configuration (using latest bering-uClibc
>>>>> 3.1-beta1), and began reading the corresponding doc:
>>>>> shorewall.net/3.0/MultiISP.html
>>>>> I am not clear on how the DNS resolution happens if a DNS request
>>>>> from one provider goes to the other provider's name server. ISPs
>>>>> these days serve their customers alone and reject all requests
>>>>> outside their network.
>>>>>
>>>>> 1. As part of multi-isp setup, is it possible to have the DNS requests
>>>>> routed thru' a provider go to provider's DNS IPs?
>>>>>
>>>>> 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
>>>>>
>>>>> Appreciate any pointers or links.
>>>>>
>>>> DNS is not a special case -- it obeys the same rules as any other
>>>> connection.
>>>>
>>>> -Tom
>>>>
>>> Thanks for a prompt response Tom.
>>>
>>> DNS not being special case does make sense. Do you have any suggestions
>>> on how to deal with the DNS look up failures when the requests are sent
>>> to wrong provider.
>>>
>> What does "request are sent to wrong provider" mean?
>>
>> -Tom
>>
>
> Let me give you an example:
> isp1: DNS 1.2.3.4, 2.3.4.5
> isp2: DNS 3.4.5.6, 4.5.6.7
>
> Assume that we list all the above in /etc/resolv.conf file. When you
> start the very first time, if using multi-isp, the request for DNS
> resolution could go to either of the two ISPs. Assume that the request
> goes to isp2 but the DNS server picked for resolution is 1.2.3.4.
> This scenario is what I am referring to as 'wrong provider' (DNS
> resolution point of view).
>
>

Perhaps, consider installing bind onto your router, configure it for
forwarding, and then redirect all DNS queries to that service. I do this
on many systems. It works flawlessly, and can save a fair bit of
upstream bandwidth.

Regards,
T
In a scenario like this, I would just run bind on one of the local
servers and let it do lookups from the DNS root, ignoring the ISPs'
forwarders completely. There's no rule that you have to use them,
they're mostly for the desktop users who can't maintain a long-term
DNS cache...
> >>>>> I trying to setup multi-isp configuration (using latest bering-uClibc
> >>>>> 3.1-beta1), and began reading the corresponding doc:
> >>>>> shorewall.net/3.0/MultiISP.html
> >>>>> I am not clear on how the DNS resolution happens if a DNS request
> >>>>> from one provider goes to the other provider's name server. ISPs
> >>>>> these days serve their customers alone and reject all requests
> >>>>> outside their network.
> >>>>>
> >>>>> 1. As part of multi-isp setup, is it possible to have the DNS requests
> >>>>> routed thru' a provider go to provider's DNS IPs?
> >>>>>
> >>>>> 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
> >>>>>
> >>>>> Appreciate any pointers or links.
> >>>> DNS is not a special case -- it obeys the same rules as any other
> >>>> connection.
> >>>>
> >>>> -Tom
> >>> Thanks for a prompt response Tom.
> >>>
> >>> DNS not being special case does make sense. Do you have any suggestions
> >>> on how to deal with the DNS look up failures when the requests are sent
> >>> to wrong provider.
> >> What does "request are sent to wrong provider" mean?
> >>
> >> -Tom
> >
> > Let me give you an example:
> > isp1: DNS 1.2.3.4, 2.3.4.5
> > isp2: DNS 3.4.5.6, 4.5.6.7
> >
> > Assume that we list all the above in /etc/resolv.conf file. When you
> > start the very first time, if using multi-isp, the request for DNS
> > resolution could go to either of the two ISPs. Assume that the request
> > goes to isp2 but the DNS server picked for resolution is 1.2.3.4.
> > This scenario is what I am referring to as 'wrong provider' (DNS
> > resolution point of view).
> >
>
> You might consider route_rules that route 1.2.3.4 and 2.3.4.5 out of
> isp1 and 3.4.5.6 and 4.5.6.7 out of isp2.....
>
> -Tom

Thanks for the tip. I have read the route_rules doc and things are a bit clear to me.

Thanks for all the help and wonderful package!
> >>>>> I trying to setup multi-isp configuration (using latest bering-uClibc
> >>>>> 3.1-beta1), and began reading the corresponding doc:
> >>>>> shorewall.net/3.0/MultiISP.html
> >>>>> I am not clear on how the DNS resolution happens if a DNS request
> >>>>> from one provider goes to the other provider's name server. ISPs
> >>>>> these days serve their customers alone and reject all requests
> >>>>> outside their network.
> >>>>>
> >>>>> 1. As part of multi-isp setup, is it possible to have the DNS requests
> >>>>> routed thru' a provider go to provider's DNS IPs?
> >>>>>
> >>>>> 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
> >>>>>
> >>>>> Appreciate any pointers or links.
> >>>> DNS is not a special case -- it obeys the same rules as any other
> >>>> connection.
> >>>>
> >>>> -Tom
> >>> Thanks for a prompt response Tom.
> >>>
> >>> DNS not being special case does make sense. Do you have any suggestions
> >>> on how to deal with the DNS look up failures when the requests are sent
> >>> to wrong provider.
> >> What does "request are sent to wrong provider" mean?
> >>
> >> -Tom
> >
> > Let me give you an example:
> > isp1: DNS 1.2.3.4, 2.3.4.5
> > isp2: DNS 3.4.5.6, 4.5.6.7
> >
> > Assume that we list all the above in /etc/resolv.conf file. When you
> > start the very first time, if using multi-isp, the request for DNS
> > resolution could go to either of the two ISPs. Assume that the request
> > goes to isp2 but the DNS server picked for resolution is 1.2.3.4.
> > This scenario is what I am referring to as 'wrong provider' (DNS
> > resolution point of view).
> >
>
> The exact procedure would depend on how your using the dns services of
> the isp's. Does just the firewall do the dns lookups or can every client
> contact the isp's name servers? You can direct the lookups to the
> correct isp to begin with, use tcrules or route_rules files. Off the top
> of my head something like this in route_rules should work.
>
> - <ip_of_dns_server> <providermark> 1000
> - <ip_of_dns_server2> <providermark2> 1000
> edit <> as required
>
> This will cause all traffic to <ip_of_dns_server> to travel out that
> isp's interface. You could be more selective if you use the tcrules
> file, by marking just the traffic of the ports involved.
>
> Jerry

Thanks Jerry for the example. I understand now how 'route_rules' can help for directing the traffic.
Quoting Andrew Suffield <asuffield@suffields.me.uk>:
> In a scenario like this, I would just run bind on one of the local
> servers and let it do lookups from the DNS root, ignoring the ISPs
> forwarders completely. There's no rule that you have to use them,
> they're mostly for the desktop users who can't maintain a long-term
> DNS cache...
>

We have a local split level DNS and hence, I think, route_rule would be a better choice.

Thanks
Quoting terry.gilsenan@interoil.com:
> imap@adari.net wrote:
> >>>>> I trying to setup multi-isp configuration (using latest bering-uClibc
> >>>>> 3.1-beta1), and began reading the corresponding doc:
> >>>>> shorewall.net/3.0/MultiISP.html
> >>>>> I am not clear on how the DNS resolution happens if a DNS request
> >>>>> from one provider goes to the other provider's name server. ISPs
> >>>>> these days serve their customers alone and reject all requests
> >>>>> outside their network.
> >>>>>
> >>>>> 1. As part of multi-isp setup, is it possible to have the DNS requests
> >>>>> routed thru' a provider go to provider's DNS IPs?
> >>>>>
> >>>>> 2. Does listing all ISP's DNS IPs into /etc/resolve.conf help?
> >>>>>
> >>>>> Appreciate any pointers or links.
> >>>>>
> >>>> DNS is not a special case -- it obeys the same rules as any other
> >>>> connection.
> >>>>
> >>>> -Tom
> >>>>
> >>> Thanks for a prompt response Tom.
> >>>
> >>> DNS not being special case does make sense. Do you have any suggestions
> >>> on how to deal with the DNS look up failures when the requests are sent
> >>> to wrong provider.
> >>>
> >> What does "request are sent to wrong provider" mean?
> >>
> >> -Tom
> >>
> >
> > Let me give you an example:
> > isp1: DNS 1.2.3.4, 2.3.4.5
> > isp2: DNS 3.4.5.6, 4.5.6.7
> >
> > Assume that we list all the above in /etc/resolv.conf file. When you
> > start the very first time, if using multi-isp, the request for DNS
> > resolution could go to either of the two ISPs. Assume that the request
> > goes to isp2 but the DNS server picked for resolution is 1.2.3.4.
> > This scenario is what I am referring to as 'wrong provider' (DNS
> > resolution point of view).
> >
> >
> Perhaps, consider installing bind onto your router, configure it for
> forwarding, and then redirect all DNS queries to that service. I do this
> on many systems. It works flawlessly, and can save a fair bit of
> upstream bandwidth.
>
> Regards,
> T

Thanks for your suggestion.
We internally have a DNS system that we want to continue to use and hence I am thinking 'route_rule' is the way to go.

Thanks
<quote who="imap@adari.net">
[...]
> DNS not being special case does make sense. Do you have any suggestions
> on how to deal with the DNS look up failures when the requests are sent
> to wrong provider.

Easiest is to actually have your own Internal DNS Caching Server.
Configured in a way it has alternative forwarders, it will take care of serving all internal clients, and fail over to the next available forwarder.
As you are customer of both providers, they should accept request from this DNS Server, and your problem is solved.

One advantage is also, that your DNS Requests will be served way faster than through the ISP Link, and you don't need any special configuration on any other device to have this setup working.

Cheers
Joerg

--
------------------------------------------------------------------------
| Joerg Mertin             : smurphy@solsys.org                  (Home)|
| in Forchheim/Germany     : smurphy@linux.de                    (Alt1)|
| Stardust's LiNUX System  :                                           |
| Web: solsys.org                                                      |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A