Jump to content


Photo

Remote DNS setup with failover?

DNS

This topic has been archived. This means that you cannot reply to this topic.
4 replies to this topic

#1 Robert James

Robert James
  • Members
  • 8 posts

Posted 21 July 2015 - 06:21 PM

We have about 22 remote offices and one datacenter. We have Domain Controllers in the datacenter which the remote offices can get to via a MPLS connection. We are setting up the remote office with 2 connections. One is the MPLS and the other is a Comcast Business Internet connection. Each office has a Barracuda NG 280 firewall.  Our local resources would need to be looked up via the DC's but if the MPLS link goes down that will not longer be available and I'd like to add a public DNS server so they users would still be able to get to the Internet.  Would it be best to provide the users via DHCP the IP of the NG and then add the internal and public DNS server to the NG's caching DNS service?  Or would it be better to provide the end users the actual IP's of the DC's and public DNS servers directly and not use DNS on the NG?

I'm also open to any better solutions if these two are not the best.

Thanks for any help.

Robert



#2 Bartek Moczulski

Bartek Moczulski
  • Barracuda Team Members
  • 102 posts

Posted 22 July 2015 - 02:19 AM

Introducing DNS on NGs in remote offices will decrease latency for DNS queries. I'd also think about running slave DNS on NGs instead of cache for your AD domain, so any changes are immediately pushed to all DNS servers.



#3 Robert James

Robert James
  • Members
  • 8 posts

Posted 22 July 2015 - 10:25 AM

OK that sounds good.  Where can I find out more info on this and how to set it up?  Is there a white paper or how-to writeup?  I have tried searching but not sure exactly what to search on.  They are obviously a ton of hits when you search on DNS.

 

Thanks!



#4 Steve Vickers

Steve Vickers
  • Barracuda Team Members
  • 45 posts

Posted 24 July 2015 - 03:34 AM

https://techlib.barracuda.com/NG61/DNS

 

The DNS service itself is just added as a new service under the virtual server, just like the firewall or VPN service. See the link above for configuring the DNS service. Don't forget to disable the caching DNS service in Adminstrative settings though.



#5 Mark Shanley

Mark Shanley
  • Members
  • 15 posts

Posted 27 July 2015 - 03:13 AM

Robert,

 For some feedback on the DNS service on the Barracuda NG Firewalls, I'll throw my 2 cents into the pot. I am running the DNS service on an HA Pair and it is working perfectly including HA. I followed the same notes posted by Steve Vickers. I had one small problem during the set up and it has to do with the naming of your zones. I would have to look at the ticket to give you the details but it was something minor like no - in the name. All in all I am very happy with the DNS service on the firewall.