  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 301

External DNS settings for Mobile Clients on backup internet line

I currently have mobile users who use software installed on their PCs that connects to our server using our external WAN IP and port forwarding.

The router connecting to the server has a backup internet line from a separate ISP.

Currently, if the internet goes down, I need to log into each mobile client and reconfigure the software to connect using the backup WAN IP.

I haven't had to do this yet, but don't want to in the future.

The software can use either a Hostname or IP.

If I configure the software to use a Hostname, is there a way to configure DNS to point to the primary WAN IP, but when it is down, switch to the backup WAN IP?

Or would I be stuck with setting it up with a short TTL and changing it manually when the connection is down.
Asked by: pmitllc
1 Solution
 
Giovanni HewardCommented:
You'd want the mobile devices to point to a FQDN.  You'd then create two corresponding A records which resolve to the separate IP addresses.  Once the mobile device fails to connect to one A record IP address it should try the secondary IP address automatically.

If not, then you could use a very low TTL value and update the IP address manually for a single A record.  

You'd need to test the multiple A record approach with each unique mobile device (make/model) to see how its TCP/IP stack responds when being presented with multiple A records, and when encountering a timeout condition with one of the IP addresses.

Unfortunately with the dual A record approach you don't necessarily have control over which A record is attempted first.  While it's possible whichever one is presented first is used, it may vary between mobile devices.  The device may perform a round robin approach between the two IP addresses.  Either way, the possible effect being your "backup" line is responding to requests when your "primary" line is operational.
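The dual A record behaviour the answer describes depends entirely on the client: a resolver returns every A record, but only the application decides whether to walk the list when the first address times out. As an added example (not code from the original thread or from the asker's mobile software), here is what that walk looks like in Python. The addresses are constructed from RFC 5737 documentation ranges, and the `connect` hook is a test seam so the fallback logic can be exercised without a network.

```python
import socket
from typing import Callable, List, Optional, Tuple

# Constructed sample: what a lookup of the FQDN would return if it carried
# two A records, one per WAN line. Documentation-range addresses, not real hosts.
SAMPLE_A_RECORDS = ["192.0.2.10", "198.51.100.10"]


def resolve_all(hostname: str, port: int) -> List[str]:
    """Return every distinct IPv4 address the resolver hands back for hostname.

    The order is whatever the OS resolver produces; this is the "no control
    over which A record is attempted first" point from the answer."""
    infos = socket.getaddrinfo(hostname, port, socket.AF_INET, socket.SOCK_STREAM)
    seen: List[str] = []
    for _, _, _, _, sockaddr in infos:
        ip = sockaddr[0]
        if ip not in seen:
            seen.append(ip)
    return seen


def _real_connect(ip: str, port: int, timeout: float) -> None:
    """Open and immediately close a TCP connection; raises OSError on failure."""
    with socket.create_connection((ip, port), timeout=timeout):
        pass


def connect_with_fallback(
    addresses: List[str],
    port: int,
    timeout: float = 3.0,
    connect: Optional[Callable[[str, int, float], None]] = None,
) -> Tuple[Optional[str], List[Tuple[str, bool]]]:
    """Try each address in order and stop at the first that accepts a TCP connection.

    Returns (ip_that_worked_or_None, [(ip, succeeded), ...]) so a caller can
    see how many addresses were tried. `connect` is injectable for testing."""
    connect = connect or _real_connect
    attempts: List[Tuple[str, bool]] = []
    for ip in addresses:
        try:
            connect(ip, port, timeout)
            attempts.append((ip, True))
            return ip, attempts
        except OSError:
            # Timeout or refused: this WAN line is down, move to the next record.
            attempts.append((ip, False))
    return None, attempts


if __name__ == "__main__":
    # Live use: resolve the FQDN and fall back across whatever it returns.
    # The hostname and port here are placeholders, not values from the thread.
    ips = resolve_all("server.example.com", 443)
    print(connect_with_fallback(ips, 443))
```

Note that the per-address `timeout` is paid in full for every dead address before the client moves on, which is the delay the answer warns about when the first record returned happens to be the down line.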
 
pmitllcAuthor Commented:
I think I am going to use the low TTL method.  At least I will only have to change one thing if the internet goes down.
 
Giovanni HewardCommented:
That's probably preferable.  Another way to go would be to write a script which checks the primary connection every x interval and updates the A record automatically when a timeout is encountered.  It could notify you via email/sms of the failure, and restore the A record to the primary IP address when the connection is restored.

This would be running on a remote site of course.  Nping for example (part of the Nmap package), could be used to connect to a specific port over a specific protocol, etc., in instances where ICMP is blocked.

nping --tcp -p 80 www.example.com


If your DNS provider doesn't have an API to do this, there are plenty of other options to automate authenticating and updating the record.  See Curl, etc.  Python, PHP, Perl, etc. all have the capability to do this.
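The monitoring script sketched in the comment above, written out as an added example in Python (this is not code from the thread or from any DNS provider). It probes the primary WAN IP on the forwarded service port, the same check as `nping --tcp -p PORT IP`, and only moves the A record after several consecutive failures, so a single dropped probe never causes a flap. The IP addresses are constructed from RFC 5737 documentation ranges, and `update_record` and `notify` are hypothetical hooks: in a real deployment they would call the DNS provider's API (or `nsupdate` for a zone you control) and an email/SMS gateway.

```python
import socket
import time
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample values (documentation-range addresses), not the asker's real WAN IPs.
PRIMARY_IP = "192.0.2.10"
BACKUP_IP = "198.51.100.10"
SERVICE_PORT = 443          # the port-forwarded service the mobile clients connect to
FAIL_THRESHOLD = 3          # consecutive failed probes before failing over
RECOVER_THRESHOLD = 3       # consecutive good probes before failing back


def tcp_probe(ip: str, port: int, timeout: float = 3.0) -> bool:
    """TCP-connect check, usable where ICMP is blocked (same idea as nping --tcp)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass
class FailoverMonitor:
    """Decides which IP the A record should hold, with hysteresis in both directions."""
    primary: str
    backup: str
    update_record: Callable[[str], None]      # hypothetical hook: set the A record to this IP
    notify: Callable[[str], None] = print     # hypothetical hook: email/SMS the admin
    fail_threshold: int = FAIL_THRESHOLD
    recover_threshold: int = RECOVER_THRESHOLD
    current: str = field(init=False, default="")
    _streak: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        self.current = self.primary

    def observe(self, primary_up: bool) -> str:
        """Feed one probe result; return the IP the A record should now hold."""
        if self.current == self.primary:
            # Count consecutive failures while the record points at the primary line.
            self._streak = self._streak + 1 if not primary_up else 0
            if self._streak >= self.fail_threshold:
                self._switch(self.backup, "primary WAN down, A record moved to backup")
        else:
            # Count consecutive successes while failed over, then fail back.
            self._streak = self._streak + 1 if primary_up else 0
            if self._streak >= self.recover_threshold:
                self._switch(self.primary, "primary WAN restored, A record moved back")
        return self.current

    def _switch(self, ip: str, reason: str) -> None:
        self.update_record(ip)
        self.current = ip
        self._streak = 0
        self.notify(f"{reason}: {ip}")


def run_forever(monitor: FailoverMonitor, interval: float = 60.0) -> None:
    """Poll loop; keep the interval well above the record's TTL-driven propagation needs."""
    while True:
        monitor.observe(tcp_probe(monitor.primary, SERVICE_PORT))
        time.sleep(interval)


if __name__ == "__main__":
    # Placeholder updater: a real one would call the DNS provider API here.
    run_forever(FailoverMonitor(PRIMARY_IP, BACKUP_IP, update_record=lambda ip: print("set A ->", ip)))
```

Run this from a site outside both WAN lines, as the comment says, otherwise a local outage looks identical to a remote one. Keep the probe interval and the record's TTL in the same ballpark: a low TTL does nothing useful if the monitor only notices the outage every half hour.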
