DNS Server setting, Round Robin or Fail-over

Pepwave Surf SOHO MK3 Firmware 8.0.0

When manually specifying WAN DNS servers (WAN > Connection Details > WAN Connection Settings > DNS Servers > :ballot_box_with_check: Use the following DNS server address(es)), are the servers listed used for load balancing (in a round robin or similar fashion), or does Server 2 act as a fail-over for Server 1? I’d like to list a primary DNS server and a secondary one as a fail-over. But I am not sure this is how that works. And the user guide had no information.

Thanks

Good question. I had always assumed failover. I bet @sitloongs will know.

2 Likes

And we have some “devices” from other manufacturers where the DNS inquiries are sent to the resolvers in parallel and “the first reply wins.”

OK, @sitloongs, what say you? :nerd_face:

3 Likes

Packet capture will tell the story behind:

I will let @Rick-DC @MartinLangmaid to summarize the packet capture results.

@Rick-DC Bingo !

4 Likes

There is no better illustration than that! :+1:

1 Like

Thanks @sitloongs and everyone else. It would be nice to have a way to specify a fail-over DNS as my question came up when my configured DNS service appeared to have some issues yesterday (as DNS resolutions where intermittently failing). But in general, I would prefer my queries to go through them.

Based on the capture provided by @sitloongs it would appear that multiple resolvers are being queried simultaneously (good!) and if one of them fails the resolution may be delayed by a few ms but otherwise there should be no adverse impact. That’s not what you are seeing?

1 Like

Initially I only had one server specified. When it acted up yesterday I added a second one to (temporarily) resolve (no pun intended) the issue, which raised my question. Ironically my preferred DNS provider (Quad9) is slightly slower than the alternatives I would use as a fail-over. I like the security and privacy enhancements Quad9 adds and am willing to pay an ~12ms penalty (based on a DNS Benchmark) for it. So in my case, if I add a second server (which I would want only as a fail-over), it would basically become the “primary” given it would consistently be a few milliseconds faster (with the two checked in parallel).

This is the first time I’ve ever had a hiccup with Quad9 in the couple years I’ve been using it. I can just stay with the single specification and modify it in the very rare event of an issue again. Obviously the nicer solution would be the ability for me to specify a fail over with a timeout as to when to try the fail over.
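To make the difference concrete, here is an added Python simulation (not from Peplink or anyone in this thread) of the two behaviours discussed: parallel "first reply wins", as the capture shows, versus ordered fail-over with a timeout, as requested. The resolver names, their latencies and the returned address are constructed; no DNS traffic is sent.

```python
import time
from concurrent.futures import ThreadPoolExecutor, wait, FIRST_COMPLETED


class FakeResolver:
    """Constructed stand-in for an upstream resolver: sleeps for a made-up
    latency, then either answers or fails. No packets leave the host."""

    def __init__(self, name, latency, healthy=True):
        self.name, self.latency, self.healthy = name, latency, healthy

    def query(self, qname):
        time.sleep(self.latency)
        if not self.healthy:
            raise TimeoutError(f"{self.name} did not answer {qname}")
        return (self.name, "203.0.113.10")  # constructed answer (TEST-NET-3)


def resolve_parallel(servers, qname):
    """Query every listed server at once and take the first good answer.
    A faster resolver listed second still 'wins' almost every time."""
    pool = ThreadPoolExecutor(max_workers=len(servers))
    pending = {pool.submit(s.query, qname) for s in servers}
    try:
        while pending:
            done, pending = wait(pending, return_when=FIRST_COMPLETED)
            for fut in done:
                if fut.exception() is None:
                    return fut.result()
        raise TimeoutError("no resolver answered")
    finally:
        pool.shutdown(wait=False)  # leave slower replies to finish unattended


def resolve_failover(servers, qname, timeout):
    """Try servers strictly in order; move to the next only when the current
    one errors or does not answer within `timeout` seconds."""
    pool = ThreadPoolExecutor(max_workers=len(servers))
    try:
        for s in servers:
            try:
                return pool.submit(s.query, qname).result(timeout=timeout)
            except Exception:  # error or timeout: fall through to next server
                continue
        raise TimeoutError("all resolvers failed")
    finally:
        pool.shutdown(wait=False)


if __name__ == "__main__":
    # Constructed latencies exaggerate the "preferred resolver is slower" case.
    preferred, backup = FakeResolver("preferred", 0.06), FakeResolver("backup", 0.02)
    print("parallel :", resolve_parallel([preferred, backup], "example.com")[0])
    print("fail-over:", resolve_failover([preferred, backup], "example.com", 0.5)[0])
```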

Understood. We generally use Quad9 but have also observed it is a few ms behind others such as Cloudflare. (We have no recent experience with Google.) Would you consider specifying Quad9’s secondary DNS also so as to minimize the likelihood of a disruption? (I’m sure you know that they have different addresses depending on whether DNSSEC is in use and whether or not you want a filtered response. If not, send me a PM and I’ll give you the addresses.)

1 Like