cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
794
Views
0
Helpful
2
Replies

ISP Failover using BGP but DNS Resolution Fails

burtmianus
Level 1
Level 1

Hiya,

 

So we have 2 physical sites (Datacenter and DR site), about 40 miles apart with a L2 link connecting the two together. Both sites have a 200/200mbps ISP link and we have configured our firewalls to have /30 ranges connected to both routers so that under normal circumstances internet traffic routes out the local router, but if the rotuer is unavailable it will traverse the L2 and out the other router. 

 

When using the primary routes, DNS works fine but when we do a failover we lose 5 pings then connectivity is restored but external DNS resolution on our Active Directory domain controllers' DNS forwarders fails. We are using BT's main DNS servers and this is configured at both sites, so it's not as though the servers aren't available for some reason via the other site's ISP connection. Pings and traceroutes by IP work fine, it's just DNS, and of course without DNS the failover is almost useless!

 

When i look at the logs on the firewall during the failover, i can see DNS traffic going out to these servers so it doesn't look like a firewall problem.

 

Any ideas?

 

Thanks

 

Chris

2 Replies 2

burtmianus
Level 1
Level 1

Ignore this - we had a firewall policy that i hadn't spotted that was configured to use the outbound interface rather than one of our /27 for NAT so when it failed over the traffic was NATing using an Ip that didnt exist on the failover router and so was being dropped at the router not the firewall. Added a pool and all is working nicely.

Hello,

 

can both ADs ping each other by name ? This might be AD failover/replication related...

 

P.S.: Just saw that you got it resolved, never mind my post...

Review Cisco Networking for a $25 gift card