Here's the scenario: dual WANs configured for failover load-balancing. Firewall / DNAT rules are in place allowing either interface to be used for incoming connections, and Dynamic DNS is configured on `eth6` for `wan1.domain.com` and `eth7` for `wan2.domain.com`.
Problem: I want `active-wan.domain.com` to resolve to whichever WAN is active. I can't use `web-check` on the `eth6` / `eth7` interfaces because the load-balancing policies apply to traffic originating from the router, so `wan1` and `wan2` would always be set to the active interface's IP.
Solution: At first I thought it would be necessary to create a `transition-script` for the load-balancing policy to update `active-wan` outside of `ddclient` during a transition, but I realized that I was overthinking the problem. What I ended up doing was creating an additional DDNS entry on a separate interface for `domain.com` which uses a `web-check`.
```
set service dns dynamic interface eth5 web dyndns
set service dns dynamic interface eth5 service custom-lb host-name active-wan.domain.com
set service dns dynamic interface eth5 service custom-lb login user
set service dns dynamic interface eth5 service custom-lb options zone=domain.com
set service dns dynamic interface eth5 service custom-lb password pass
set service dns dynamic interface eth5 service custom-lb protocol cloudflare
set service dns dynamic interface eth5 service custom-lb server www.cloudflare.com
```
This exploits the load-balancing of the router's own traffic to discover the correct IP for `active-wan`: the web-check request leaves through whichever WAN the policy currently selects, so the address it reports is that WAN's public IP. During a failover transition, `ddclient` will automatically detect that the IP has changed and update `active-wan`; no `transition-script` is necessary.
Note: Do not use `web-check` with weighted load-balancing. It will constantly flap between WAN IPs.
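To make the failover behaviour and the weighted-balancing caveat above concrete, here is a small offline replay of the update-on-change rule that `ddclient` applies to successive web-check results. This is an added example, not configuration or code from the original post; the two WAN addresses are constructed, and the functions (`which_wan`, `needs_update`, `count_updates`) are hypothetical helpers that stand in for what `ddclient` does internally, not part of `ddclient` or EdgeOS.

```shell
#!/bin/sh
# Added example (not from the original post): replay web-check results
# against ddclient's "update only when the address changed" rule.
# Both WAN addresses below are constructed documentation-range values.

WAN1_IP="203.0.113.10"   # constructed: what DDNS publishes for wan1.domain.com
WAN2_IP="198.51.100.20"  # constructed: what DDNS publishes for wan2.domain.com

# Map the address a web-check returned to the WAN it belongs to.
# Prints wan1, wan2 or unknown.
which_wan() {
  case "$1" in
    "$WAN1_IP") echo wan1 ;;
    "$WAN2_IP") echo wan2 ;;
    *)          echo unknown ;;
  esac
}

# ddclient's rule: send a DNS update only when the detected address
# differs from the one cached at the previous successful update.
# Exit status 0 means "update", 1 means "nothing to do".
needs_update() {
  cached="$1"
  detected="$2"
  [ "$cached" != "$detected" ]
}

# Replay one web-check result per ddclient run and count how many
# DNS updates the update-on-change rule would send for that sequence.
count_updates() {
  cached=""
  updates=0
  for ip in "$@"; do
    if needs_update "$cached" "$ip"; then
      updates=$((updates + 1))
      cached="$ip"
    fi
  done
  echo "$updates"
}

# Failover load-balancing: the check keeps returning the active WAN's
# address and only changes once, at the transition (2 updates: initial + failover).
failover_updates() {
  count_updates "$WAN1_IP" "$WAN1_IP" "$WAN1_IP" "$WAN2_IP" "$WAN2_IP"
}

# Weighted load-balancing: each check may leave through a different WAN,
# so the address changes almost every run and the record flaps (4 updates).
weighted_updates() {
  count_updates "$WAN1_IP" "$WAN2_IP" "$WAN1_IP" "$WAN2_IP"
}

echo "failover: $(failover_updates) updates, weighted: $(weighted_updates) updates"
```

On the router itself the equivalent live check is to compare the address shown by `show dns dynamic status` for the `eth5` entry with the current WAN addresses; the weighted sequence above is exactly the pattern that produces a different answer on nearly every run.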