Suggestion for Improved Health Check

I have a Peplink Balance 30.

In setting up the health check, I find I have the health checks options I want, but can’t do them in parallel. This makes the health check insufficient, and allows for cases where my WAN is effectively down even though the Peplink thinks it’s up.

Here are the things I think a health check should do, and it must do BOTH:

  1. Verify DNS works. This means check to see if either my primary or secondary server DNS lookups are successful for some common lookup (e.g. DNS for google.com).

  2. Verify I can get off of my ISP’s network. This means checking to see if I can get a ping response from one of two public servers (e.g. ping google.com and yahoo.com).

What I find I have are ways to do only either one of the above. If I select “Ping” for health check, I can have a public server listed and my two DNS servers (via the check box), but the help text states that success of any one of these servers will constitute an ‘up’ connection. That’s not good! It doesn’t show that I can get off of my ISP’s network, or it shows that I can get off the network but may not have any working DNS servers! Both of these cases should cause a failover event.

If I select ‘DNS lookup’ for my health check, I can again set public and DNS server hosts, but run into a similar problem, in that it will consider my line ‘up’ if it gets a response from a public server but not either of my DNS servers. That constitutes a down connection, but it will be reported as up!


The solution to this is to have a mode or setting which allows me to verify that I have 1 of 2 local DNS servers responding AND 1 of 2 ping servers responding. It could be easily accomplished by adding a combined DNS and Ping option which has all the same fields but requires both the ping and DNS to be successful.


Two other suggestion:

Quoting the help text…

“Connections will be considered up if DNS responses are received from any one of the health check DNS servers, regardless of a positive or negative result.”

Seems like this wouldn’t capture a broken DNS server which always returns a failed lookup result. While this is rare, it can happen. It would be better to require a success on the lookup, with a user definable hostname to look up.

It would be nice if all those integer settings (timeout, interval, retries) could be custom rather than a dropdown. I for one would like to be able to set a health retries of 2 and require a recovery retry of 50, neither of which are options.

DNS/ping health checks will generate some packets to make sure the link is able to route to Internet properly on IP layer. Therefore, DNS health check is not used to detect the DNS server can lookup the hostname or not.

If you lookup the hostname through Peplink LAN DNS Proxy, its internel logic can able to find out the healthy DNS for lookup. For example, if ISP DNS servers of WAN1 failed, but it is still able to route to Internet, the DNS proxy can resolve the hostname via another WAN links and route IP traffic over WAN1. If you enable “Use Google DNS Server as Backup”, then DNS proxy will try to resolve the hostname through Google DNS on WAN1.

Regarding the 2nd suggestion, we will consider to add this feature in future firmware release, but it is not on Health Check, it should be on LAN DNS Proxy

Thanks,

Lai