2

I have a Linux gateway with two WANs, each connected to a different provider. Each provider has its own DNS server, and local users are connected to the internet via this server [it also serves as a proxy server].

The question is: is it possible to specify which DNS the server [or the proxy server; I'm using Squid] will use based on the source IP of the local user?

MohyedeenN
  • It can help to show any research you've already done. – Drew Khoury Oct 06 '13 at 11:00
  • All the results that I get are: adding a second name server in resolv.conf, and I know this is not what is needed in this case because it works in round-robin fashion. I have not been lucky till now. – MohyedeenN Oct 06 '13 at 11:49
  • Why do you want to do this?? Is the Server acting as a DNS server as well? – Chris S Oct 06 '13 at 14:51
  • @ChrisS No, the server does not act as a DNS, but since it is a proxy server, the proxy server uses the DNS to resolve URLs. I'm using the Squid proxy server and I have configured it to support dual WANs. – MohyedeenN Oct 06 '13 at 15:03

3 Answers

0

You can have them all use the same fake IP for DNS server, and route to the right DNS according to the selected WAN.

Unsure how you determine how is the traffic going to get out (which one of your two ISPs...), but I would assume that you have two WAN NICs, let's call them eth0 and eth1.

Let's assume your fake DNS IP is 1.2.3.4 and that the "right" DNS for eth0 is 2.2.2.2 and the "right" DNS for eth1 is 3.3.3.3.

I believe this would do the trick:

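# DNAT is only accepted in the nat table's PREROUTING and OUTPUT chains, so use OUTPUT
# (it sees the queries generated on this server, and -o can be matched there).
iptables -t nat -I OUTPUT -o eth0 -d 1.2.3.4 -j DNAT --to-destination 2.2.2.2
iptables -t nat -I OUTPUT -o eth1 -d 1.2.3.4 -j DNAT --to-destination 3.3.3.3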
Shimi
  • Sounds like this would do the trick, but in addition we need to specify the source IP [-s 192.168.20.0/24]. I will test this and keep you updated with the results. I have to check one more thing, the source IP of the DNS query: if the source IP of the DNS query is the IP of the proxy server, this will fail. Hope it's not! – MohyedeenN Oct 07 '13 at 08:08
  • Why would you need to specify the source IP? What determines (per your explanation, the way I understand it) the rule by which the DNS is selected, is per the WAN connection selected for the outgoing packets. The origin of those packets thus should not matter (IMHO) - you care about the target. Granted, you may be looking for ways to select which source goes to which WAN (that's what I was referring to when I said "Unsure how you determine how is the traffic going to get out") - but that's a routing decision, and the DNS needs to be the right one, no matter what... – Shimi Oct 07 '13 at 20:41
  • Well, I guess you are right, and it seems to me that it's going to work. It's just a matter of time to test it, because this is a production server. Thanks again. – MohyedeenN Oct 08 '13 at 08:31
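
The approach from the answer above, as an added example that is not part of the original post: it prints (and with APPLY=1 loads) one DNAT rule per WAN interface, limited to port 53 over UDP and TCP, and refuses to emit anything if a mapping is malformed. It uses the nat OUTPUT chain because iptables accepts the DNAT target only in PREROUTING and OUTPUT. Assumptions: the DNS queries are generated on the gateway itself (by the proxy), routing already picks the WAN interface, the addresses and interface names are the answer's placeholders, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumed values, taken from the
# answer's own placeholders: 1.2.3.4 = placeholder resolver address,
# eth0 -> 2.2.2.2 and eth1 -> 3.3.3.3 = per-WAN resolvers.
PLACEHOLDER_DNS="${PLACEHOLDER_DNS:-1.2.3.4}"
WAN_DNS_MAP="${WAN_DNS_MAP:-eth0=2.2.2.2 eth1=3.3.3.3}"

# Return 0 only for a dotted quad whose octets are all in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one DNAT rule per protocol for every iface=resolver pair.
# Nothing is emitted (exit status 1) if any pair is malformed, so a typo
# cannot produce a half-applied rule set.
dns_dnat_rules() {
    is_ipv4 "$PLACEHOLDER_DNS" || return 1
    rules=""
    for pair in $WAN_DNS_MAP; do
        iface=${pair%%=*}; dns=${pair#*=}
        case "$iface" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
        is_ipv4 "$dns" || return 1
        for proto in udp tcp; do   # DNS falls back to TCP for large answers
            rules="${rules}iptables -t nat -A OUTPUT -o $iface -d $PLACEHOLDER_DNS -p $proto --dport 53 -j DNAT --to-destination $dns:53
"
        done
    done
    printf '%s' "$rules"
}

# Dry run by default; set APPLY=1 (as root) to load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    dns_dnat_rules | sh -e
else
    dns_dnat_rules
fi
```

Limiting the match to port 53 keeps any other traffic addressed to the placeholder IP from being silently redirected to the provider's resolver.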
-1

One way would be to use DHCP. DHCP manages the configuration of a client's network, and can include the configuration of the DNS resolver. With DHCP you can specify that a certain network, or certain range, or certain hosts will be given a particular network configuration, which can also include which DNS servers they will use.

In this case, hosts in network A could be configured in the DHCP scope to use DNS server B, and then hosts in network Y could be configured in the DHCP scope to use DNS server Z.

Joshua Miller
  • -1 Sorry! Great thought, but completely wrong. It's not the clients that are doing the DNS resolution, it's a proxy server. He wants it to use different DNS servers depending on the client's IP. – Chris S Oct 06 '13 at 19:12
  • @ChrisS yes the proxy is resolving. – MohyedeenN Oct 06 '13 at 21:56
-1

Yes, you can do this using views and forwarding in BIND; these two questions have the answer (or something close to it):

I'm not sure how this will work in practice though: NAT half your clients to one provider and half to the other?

JasperWallace
  • -1 Sorry, but also completely wrong. He's asking how to make a Proxy server use different DNS servers based on the client's IP. – Chris S Oct 07 '13 at 00:46