This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Thomas_Hennebe1
Participant
‎2021-02-16 07:49 AM

ISP redundancy and DNS records for Web Servers in DMZ

Jump to solution

Hello all,

I have a question regarding ISP redundancy and DNS records for Web Servers behind my firewall.

Lets say I have a R80.30 Cluster XL with one ISP. I have a reverse proxy in my dmz which services stuff like webmail and some webservers. Each service has a unique public IP which is resolvable via A record  for my domain from my externally configured DNS Servers. DNS looks like follows:

 

mydomain.com. 1800 IN NS ns1.dnsprovider.com
mydomain.com. 1800 IN NS ns2.dnsprovider.com
webmail.mydomain.com 1800  IN A 1.1.1.1 (sorry cloudflare, this is just an example)
webserver.mydomain.com 1800  IN A 1.1.1.2 (see above)

 

If I add a second ISP, how can I make sure that in case of failure of ISP 1 my web-services are still reachable? The documentation for ISP redundancy and DNS proxy is not clear to me.

Do I have to point my domains name servers to my two public ip addresses of my firewalls now so that the DNS proxy can resolve the correct external IP during failover (so change ns1.dnsprovider.com to the public external IP of my firewall)?

What happens for non-A-records? Do I have to configure the external DNS provider for the firewall to forward the traffic to?

Thanks for your help 😉

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Leader
Leader
‎2021-02-16 12:12 PM

Jump to solution

The solution with „DNS proxy“ for ISP redundancy does only work if you host your DNS internal. Queries from external for your DNS names are intercepted by the gateway and answered with an IP specified for every ISP. 
How this is working can be found in  „ISP Redundancy and DNS“ of Advanced configuration options for ISP Redundancy 

We are using Azures TrafficManager for these type of connection. TrafficManager can do a probing via ping or HTTPS or other to different destinations and then answers with an available destination.

Have a look at Cheap DNS Failover with Azure Traffic Manager 

Wolfgang

View solution in original post

2 Replies
Vladimir
Champion
Champion
‎2021-02-16 10:23 AM

Jump to solution

This is typically done in/with your public DNS service provider if you host your primary zone with them.

If you host it locally, you can script it yourself.

You configure service probing to change the A record when it fails on the first target.

0 Kudos
Wolfgang
Leader
Leader
‎2021-02-16 12:12 PM

Jump to solution

The solution with „DNS proxy“ for ISP redundancy does only work if you host your DNS internal. Queries from external for your DNS names are intercepted by the gateway and answered with an IP specified for every ISP. 
How this is working can be found in  „ISP Redundancy and DNS“ of Advanced configuration options for ISP Redundancy 

We are using Azures TrafficManager for these type of connection. TrafficManager can do a probing via ping or HTTPS or other to different destinations and then answers with an available destination.

Have a look at Cheap DNS Failover with Azure Traffic Manager 

Wolfgang

View solution in original post