10-27-2016 11:15 PM - edited 03-05-2019 07:22 AM
Hi Guys and Girls
I have a scenario where I set up a new ISP as a failover on an ASA firewall (no problem here).
But what about incoming traffic?
E.g.: ISP1 goes down and ISP2 takes over, then my public IP has changed.
Would you: lower the TTL on the zone and correct the records manually, use dynamic DNS, or is there a 3rd option I don't know about?
11-21-2016 11:13 AM
Hi,
I have never used an ASA to peer with multiple providers, but can't you just add the second ISP's DNS info to your firewall? This way, when your public IP changes, you can still reach the secondary DNS.
Overall, as long as both primary and backup providers' DNSs are reachable, it shouldn't matter what public IPs you are using, right?
HTH
11-21-2016 11:31 AM
Hi Reza.
Thank you for the answer, but the problem isn't outgoing DNS; I'm worried about the incoming traffic.
E.g.: my ISP 1 has multiple public IPs XXX.XXX.XXX.178-186 or something, then my ISP crashes and the failover goes to ISP 2, which has public IPs XXX.XXX.XXX.223-228.
How would my public DNS server get updated easiest and fastest in order to keep the public services online?
11-21-2016 12:10 PM
Hi,
I am not a DNS expert, so if I say something that doesn't make sense, please ignore it. How about pointing to Google DNS (8.8.8.8 or 8.8.4.4) or a name server like:
c.root-servers.net (192.33.4.12)
This way, you don't have any dependency on any providers. As long as these IPs are reachable (using either one of the providers), you should be able to resolve.
HTH