For WAN failover to a backup WAN (second ISP), what is the best trigger (failed DNS, failed ping, etc.)?

What kind of circuit is it? What protocols? If BGP, how about loss of BGP peer? What kind of traffic patterns? Any synthetic trans that you could push over the link?

I've never been much of a fan for failing a wan link based on ping. . . maybe others have different opinions. DNS failures could work, but what about when there's little or no traffic? Without knowing your traffic patterns, it's hard to say whether DNS failures would work. Why not have both links active and move BGP advertisement when the peer breaks?

Have fun!
Steve

It's OPNSense running on a router with Spectrum (dynamic) ip as the primary and Verizon DSL as the backup.  Ping or dns inquiry would be to google DNS (8.8.8.8) every 5 seconds or so.  Or a DNS query would be generated by the router with same frequency.

Then that should work. No reason to complicate a solution if something simple will work.

Steve 

Which option pinging 8.8.8.8 or sending a dns inquiry Steve?

I would do both unless you can do a TCP DNS lookup. If you can't, I'd send a ping and a dns lookup, and then you can decide to fail over if BOTH or either one fail to get a response.

Are you scripting a fail over or is this something built into OPNSense?

Built in. I guess it's 6 of one, half dozen of the other?

Got it.  Thanks Steve!