Fallback DNS address if one connection fails

kiwistag
kiwistag used Ask the Experts™
on
At present our local Exchange is undergoing an upgrade.
We use an ADSL connection to it and yesterday we had an outage for a few hours as the telco never informed us that they were doing maintenance mid-day taking circuits offline! This has happened a few times in the past with either equipment failing or upgrades that should have an outage of a few seconds taking hours instead..

At present we have a static IP assigned by our ISP & all traffic is set to go to this from our DNS registrations for our website & onsite e-mail server.

We do have a wireless backup link (currently on a dynamic IP but may soon change it to static) where we can connect in remotely to see what is going on rather than be on hold for ages to our ISP to find out what is wrong..

If this was set to a static IP, is it possible to set it to be a secondary/backup point if the primary one is down? I can do the magic at our end to change the gateway routing to the other router if need be & get it to switch back over once the primary link is online..
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
As far as I am aware you would need to dynamically update the DNS registrations whenever you changed your IP address
Nolan MasonIT Professional

Commented:
I do a round-robin DNS configuration for mine, but I have static IPs on two separate ISPs.  I keep both connections active all the time with load-balancing using a router (small computer with two NICs, actually) that I loaded pfSense on.

If you do an nslookup on my mail server address, it resolves to two IP addresses.  The way I set it up was to set two DNS records, one for each IP address, that point to mail.<mydomain>.com

I've had one or the other connection go down several times, but our E-Mail never missed a beat.

WP
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Nolan MasonIT Professional

Commented:
By the way, if you want a pfSense box and aren't comfortable setting it up yourself, I know a place in my home town that sells them for a very fair price, unlike the $2000 XRoads charges for a router based on the same platform.

http://dynamic-i.com
Nolan MasonIT Professional

Commented:
Sorry to keep going on, but I should probably have also mentioned that I am in no way affiliated with Dynamic-I.  I just use them for IT consulting occasionally, and I really like their work.

WP

Author

Commented:
WhitePhantom: Cheers. I'm familiar with pfSense - never could get IPSEC VPN site to site tunnels going however :( (from different EE question)..

I was thinking about Round Robin - we use at one site for our Terminal Servers. The only issue is that customers who hit the wireless connection are going to be slow...
I'll read through the links you both provided however when I have a couple of minutes spare. :)
Top Expert 2014
Commented:
When you say e-mail server, I am assuming you are talking about just sending or receiving e-mail.  Not using a e-mail client to check/read e-mail.

If you are talking about sending and receiving e-mail, then for sending you just need to make sure you have something in your network that can detect your primary ISP link is down and use your alternate/back-up link.

For receiving e-mail you can setup two MX records, say mail1.mydom.com and mail2.mydom.com, and make the IP address for mail1.mydom.com the address you use for your primary ISP link and make mail2.mydom.com use the IP address for your alternat/backup.  Make sure you set mail1.mydom.com priority higher (lower number) than mail2.

Also round robin DNS for inbound connect to a web server will not work the way you want.  If I do a DNS lookup for 'www.mydom.com' and I get back address1, I will continue to use address1 until the TTL expires and and flush that entry from my DNS cache.  I will then do another query, but there is no guarantee which address I will get back.  The DNS server does not detect that a link is down and only send out the IP address of the link that is up.

Also there are MANY DNS server in the chain.  My PC does a query to my DNS server, which forwards the request to my ISP's DNS server, which may get it from yours.  My PC, my DNS server, and my ISP DNS server will cache your response for the lenght of time specified by your TTL which could be many days or a few seconds.

If your primary link is up, doing round robin basically means that about 1/2 of your connection will go over the wireless connection and be slow.  If your primary link fails it means that about 1/2 of your connection will still be attempting to use the link that is down and fail.

There are a couple of ways to "fix" this:

1) Get two links from the same ISP that go through different local exchange offices.  Let the ISP balance the traffic.
2) Get two links from different ISP's that go through different local exchange offices, get a /24, get a ASN, do BGP with your ISP's.
3) Host your servers is a colo that has good redundant Internet links.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial