The Peplink’s caching DNS resolver is leaking bytes across one of our pay-per-byte networks … We want to keep this network as an ‘active backup’, not a cold spare, as we selectively move only very specific traffic over this link under some circumstances. There doesn’t seem to be a way to prevent the Peplink DNS resolver from resolving DNS via this link whenever it so chooses though … We are running 6.1.2 build 3071 on a Balance 580.
I’ve found Network -> Default Connection Priority and Network -> Lan -> DNS Proxy -> Advanced. The options under DNS Proxy -> Advanced aren’t explained very well, but it’s my guess from testing that the ‘Preferred Connections’ checkbox relates to the settings in Network -> Default Connection Priority, and there is no way to uncheck the ‘Preferred Connections’ box (it doesn’t uncheck when clicked).
My guess as to how this is working is that when the higher priority WAN becomes very slow to resolve DNS (which happens all the time in our environment, which consists of slow, congested satellite links), the Peplink starts resolving DNS via the ‘preferred connections’ policy. I would rather that DNS is always resolved based on the result of the health-check evaluation. As long as the congestion on my higher priority WAN is insufficient to cause my health check to fail, the Peplink will keep attempting to resolve DNS via the higher priority WAN, and only after the health check has failed will it start resolving DNS via the lower priority WAN.
I’ve been capturing traffic using https://rr-peplink-gw/cgi-bin/MANGA/support.cgi and analyzing the pcap file for the ‘expensive’ WAN. This is the easy way to observe the undesirable DNS activity on that WAN. Note that I’m completely certain the activity I’m observing on the lower priority WAN is not DNS health check activity but rather normal DNS resolution being performed on behalf of hosts on my network pointed at the Peplink’s DNS resolver … This is 100% confirmed by disabling the DNS health check on that WAN.
Am I missing some way to better control the behavior of the Peplink DNS resolver?
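The pcap analysis described in the post can be scripted to show how many bytes each resolved name costs on the metered WAN. This is an added example, not part of the original post and not Peplink code; it assumes a classic pcap file with Ethernet link type and counts only untagged IPv4 UDP port 53 packets, and the function names and sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def dns_qname(msg):
    """First question name of a DNS message, or None if it does not parse."""
    labels, i = [], 12                      # 12-byte DNS header precedes the question
    while i < len(msg) and msg[i]:
        n = msg[i]
        if n > 63 or i + 1 + n > len(msg):  # compression pointer or truncated label
            return None
        labels.append(msg[i + 1:i + 1 + n].decode("ascii", "replace").lower())
        i += 1 + n
    return ".".join(labels) if i < len(msg) else None

def dns_bytes_by_name(pcap):
    """Sum on-wire bytes of untagged IPv4 UDP/53 packets per query name."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(endian + "II", pcap[off + 8:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                        # not IPv4/UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 8 or 53 not in struct.unpack("!HH", udp[:4]):
            continue                        # neither source nor destination port 53
        name = dns_qname(udp[8:])
        if name is not None:
            totals[name] += orig            # orig = packet length on the wire
    return totals

def _frame(sport, dport, name):
    """Constructed sample: one Ethernet/IPv4/UDP frame holding a DNS query."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    dns = struct.pack("!6H", 1, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    udp = struct.pack("!4H", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\0" * 12 + b"\x08\x00" + ip + udp

def sample_pcap():
    """Constructed capture: three DNS queries and one non-DNS UDP packet."""
    frames = [_frame(40000, 53, "example.com"), _frame(40001, 53, "example.com"),
              _frame(40002, 53, "a.test"), _frame(40003, 443, "x.test")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<4I", 0, 0, len(f), len(f)) + f for f in frames)
```

Passing the bytes of a real capture file to `dns_bytes_by_name` gives a per-name total that can be compared against the hostnames configured for the DNS health check, which separates health-check queries from resolution done on behalf of LAN hosts.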