We are using FreeRADIUS to authenticate our users to the network, and one of the requirements is to load balance DNS across the two DNS servers, so when users get their IP after they connect, they receive their DNS servers in random order. For example, some users get 10.10.10.1 and 10.10.10.2 respectively while other users get them reversed.
To do that, we are assigning random DNS server attributes to users once they authenticate through RADIUS. We were thinking of using the FreeRADIUS rand method along with unlang if statements; however, we thought perhaps there is a better or more elegant way to achieve similar requirements.
The current setup works perfectly (note that it is not in round-robin style), but it succeeded using unlang along with the rand and expr methods, as shown below:
    if (&User-Name == "bob") {
        if ("%{expr:%{rand:2}+1}" == "1") { ## A workaround to switch DNS orders
            update reply {
                Reply-Message := "Primary DNS comes first"
                MS-Primary-DNS-Server := "192.168.41.1"
                MS-Secondary-DNS-Server := "192.168.41.2"
            }
            accept
        }
        else {
            update reply {
                Reply-Message := "Secondary DNS comes first"
                MS-Primary-DNS-Server := "192.168.41.2"
                MS-Secondary-DNS-Server := "192.168.41.1"
            }
            accept
        }
    }
Can you advise or suggest a better way to achieve similar results?
Using: FreeRADIUS Version 3.0.11
Use the load-balance keyword
    load-balance {
        group {
            update reply {
                Reply-Message := "Primary DNS comes first"
                MS-Primary-DNS-Server := "192.168.41.1"
                MS-Secondary-DNS-Server := "192.168.41.2"
            }
            accept
        }
        group {
            update reply {
                Reply-Message := "Secondary DNS comes first"
                MS-Primary-DNS-Server := "192.168.41.2"
                MS-Secondary-DNS-Server := "192.168.41.1"
            }
            accept
        }
    }
You can also swap out the 'group' sections for policy calls or module calls.
IIRC there were some issues using bare update sections in load-balance sections in v3.0.x, so even if you just have the update section you may want to still wrap it in a group.
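The policy-call variant mentioned in the answer could look like the sketch below. This is an added example, not part of the original answer; the file name `dns_order` and the policy names `dns_primary_first` and `dns_secondary_first` are hypothetical, and the policy bodies simply reuse the two groups from the answer.

```unlang
# raddb/policy.d/dns_order  (hypothetical file name)
# Each policy carries one DNS ordering, copied from the answer's groups.

dns_primary_first {
    update reply {
        Reply-Message := "Primary DNS comes first"
        MS-Primary-DNS-Server := "192.168.41.1"
        MS-Secondary-DNS-Server := "192.168.41.2"
    }
    accept
}

dns_secondary_first {
    update reply {
        Reply-Message := "Secondary DNS comes first"
        MS-Primary-DNS-Server := "192.168.41.2"
        MS-Secondary-DNS-Server := "192.168.41.1"
    }
    accept
}

# In the virtual server, in the same place the original if/else block lived:
if (&User-Name == "bob") {
    # load-balance picks one of its children for each request,
    # so each reply gets one of the two orderings.
    load-balance {
        dns_primary_first
        dns_secondary_first
    }
}
```

Running the server in debug mode (`radiusd -X`) and sending several test requests shows which policy was chosen for each request and which MS-Primary-DNS-Server value went into the reply.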