What DNS servers to use with multiple connections

Tags: adsl, domain-name-system, load-balancing, networking

I have a complex configuration of multiple ADSL connections from multiple ISPs being load balanced by a Draytek Vigor 3300V+

My question is what DNS settings should I use. Should I use the ISP setting for connection A or the ISP settings for connection B or something different?

I am currently using Google DNS settings 8.8.8.8 and 8.8.8.4 on my routers and Draytek, but I fear that this might be the cause of some problems. Can anyone advise or point me in the right direction?

PS: As soon as fibre reaches my office I can abandon this complex setup.

Best Answer

Sidenote: I distinguish between forwarding/recursive/resolving DNS and non-forwarding/authoritative DNS. While technically both of them are using the same protocol, their actions do vary a lot. As you do mention 8.8.8.8, I do assume a forwarding DNS server.

Usually, your ISPs will limit the IP address ranges who may query their DNS servers.

So if you're experiencing line downtime with ISP A, your systems may try to query the DNS servers for ISP A via your line and IP address from ISP B. If ISP A did manage their systems well, they do refuse DNS requests from any "foreign" IP addresses (not belonging to ISP A).

There are probably only three solutions:

  • your router can dynamically proxy DNS requests according to connected lines
  • run your own DNS server
  • query a public DNS server

Many routers do offer a DNS proxy: you use your router's IP address as "your DNS server" and the router forwards DNS requests to the connected ISPs according to the currently connected lines. If you're connected to multiple ISPs and one of those ISPs does experience DNS downtime, some of your DNS requests will silently fail and you'll probably spend a lot of time figuring out what's wrong. If one of your ISPs does experience DNS downtime, but not line downtime, all your DNS requests need to go to the other ISP. In that situation, you need both ISPs for full internet access: one provides line and DNS, the other provides line. I don't recommend those DNS proxies when you're using multiple lines. Complexity kills.

Running your own DNS server does have the following implications:

  • you should limit access to your DNS server. Poorly managed forwarding DNS servers do tend to be abused for e.g. launching denial-of-service attacks.
  • resolving a DNS name usually involves many steps, which do collect overall latency: your DNS server asks a root name server, who points to a TLD-specific DNS server; your DNS server then asks that TLD-specific DNS server, who in turn points to some authoritative DNS server of some hosting ISP. Your DNS server will query that DNS server and get the final result. Of course, those requests are being cached for some time, but after all, all of those requests do add up some network latency. Fully resolving a DNS record "on your own" may take severely more time than asking a public DNS server (who probably already has a cached result).

So just from a performance point of view, it's probably a wiser idea to use a public DNS server like the already mentioned Google DNS (8.8.8.8 and 8.8.4.4) or OpenDNS (see opendns.com).
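The failure mode the answer describes (an ISP resolver answering REFUSED when the query arrives from the other ISP's address, or not answering at all while that line is down) is easiest to see at the protocol level. The following Python script is an added example, not code from the answerer or from Draytek: it builds a DNS query, parses the response including the RCODE, and walks an ordered list of resolvers, skipping a resolver on timeout or REFUSED and only accepting an answer whose transaction ID matches the query. The transport is injected so the script runs offline against constructed responses; the resolver addresses (198.51.100.1, 203.0.113.1), the answer 192.0.2.10 and the name example.com are constructed sample values, and `make_fake_transport` is a stand-in for real UDP sockets.

```python
import socket
import struct

# DNS RCODE values (RFC 1035 section 4.1.1); 5 = REFUSED is what a well-run
# ISP resolver returns for queries from "foreign" source addresses.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QUERY_ID = 0x1234  # fixed here for determinism; a real client randomises it


def build_query(name, txid=QUERY_ID):
    """Encode a standard recursive A query for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(query, rcode, a_records=()):
    """Constructed server reply: copies the question, sets RCODE, adds A records."""
    txid = struct.unpack(">H", query[:2])[0]
    question = query[12:]
    flags = 0x8180 | (rcode & 0xF)  # QR=1, RD=1, RA=1
    header = struct.pack(">HHHHHH", txid, flags, 1, len(a_records), 0, 0)
    answers = b""
    for ip in a_records:
        # 0xC00C = compression pointer to the name in the question at offset 12
        answers += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answers


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            pointer = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode())
        offset += 1 + length
    return ".".join(labels), end if end is not None else offset


def parse_response(msg):
    """Return transaction id, RCODE name and any A-record addresses."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):
        _, offset = _read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(rdata))
    return {"id": txid, "rcode": RCODE_NAMES.get(rcode, str(rcode)), "answers": answers}


def resolve(name, resolvers, transport):
    """Try resolvers in order; skip on timeout (None) or any non-NOERROR reply."""
    query = build_query(name)
    for server in resolvers:
        raw = transport(server, query)
        if raw is None:
            continue  # timeout: line down or resolver unreachable over this path
        parsed = parse_response(raw)
        if parsed["id"] != QUERY_ID:
            continue  # mismatched transaction id: not a reply to our query
        if parsed["rcode"] == "NOERROR":
            return server, parsed["answers"]
        # REFUSED/SERVFAIL: fall through to the next resolver
    return None, []


def make_fake_transport(table):
    """Offline stand-in for UDP: maps resolver IP -> raw reply bytes or None."""
    return lambda server, query: table.get(server)


if __name__ == "__main__":
    q = build_query("example.com")
    table = {
        "198.51.100.1": build_response(q, 5),            # ISP A refuses our source IP
        "203.0.113.1": None,                             # ISP B line down: timeout
        "8.8.8.8": build_response(q, 0, ["192.0.2.10"]),  # public resolver answers
    }
    print(resolve("example.com", ["198.51.100.1", "203.0.113.1", "8.8.8.8"],
                  make_fake_transport(table)))
```

Logging which resolver finally answered, as `resolve` returns, is the quickest way to tell "DNS is slow" apart from "the first two resolvers never answer on this line".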