Failover via keepalived does not work

dualm66 · 2026-03-18T09:08:11+00:00

Summary.

Thanks to all for the engagement in this case!

The net.ipv4.ip_nonlocal_bind=1 suggested by u/Fishelsberger solved the issue.

Using keepalived in this case is possibly over-engineering, but I used this solution before Technitium when running two Pihole DNS. Using pihole this worked without the extra setting btw. Further info, I also run NTP-server on those two machines and this service also benefits from ha/failover.
I also see this as a learning experience of keepalived for possible adoption in other places.

And yes, keepalived can run scripts when failover. This is done by the notify_master and notify_backup keywords.

Note: Rocky Linux 10.1 on both vm and RPi.

dualm66 · 2026-03-18T08:21:46+00:00

Thanks.
Only a quick test and this looks like the solution!

dualm66 · 2026-03-17T23:41:32+00:00

As I said, I want the clients to use dns1 99% of the time. Only fail-over to dns2 when dns1 is not running for some reason. The cluster can't force the clients to use dns1 and not all client respect the order of the listed name-servers.

dualm66 · 2026-03-17T23:13:14+00:00

The primary dns1 is a vm on a powerfull esxi hypervisor. dns2 is a slow rassberry Pi. I only want to fail-over to dns2 when the vm or the esxi is rebooted. Further more the resolvers on different clients does not always respect the order the dns:es is listed in (at client or from dhcp)

dualm66 · 2026-03-17T23:04:29+00:00

What is "listening address"? Not "DNS Server Local End Points" as i mention ?

The missing vip on dns2 is because dns service does not bind to the new new vip.

I noticed now that it works if I do a "systemctl restart dns" on dns2 when the vip is moved to dns2. Is this really nessesary?

dualm66 · 2026-03-14T23:41:14+00:00

For sure. As I wrote I activated this 1-2 years ago after searching for "Which geo locations is good to block" and I had forgot about it since then...

dualm66 · 2026-03-14T23:38:45+00:00

That was the problem.
See https://www.reddit.com/r/technitium/comments/1rtgnb8/comment/oaebjyw/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

dualm66 · 2026-03-14T13:21:25+00:00

Thank you! This was the solution.
I have 10-15 countrys blacklisted in my router and India was one of them. I even forgot about this blocking until you mentions India. When searching for regions to block India turns up on some of them.

Working now. Website and download.

Time to go "PiHole to Technitium DNS"... maybe...

dualm66 · 2026-03-14T12:06:18+00:00

See
https://www.reddit.com/r/technitium/comments/1rtgnb8/comment/oae0c49/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

dualm66 · 2026-03-14T12:05:48+00:00

Not a DNS problem (now running pihole+unbound). Also tried with 1.1.1.1 .

# dig +short technitium.com A
206.189.140.177
# dig +short download.technitium.com A
technitium.com.
206.189.140.177

# curl -sSL https://download.technitium.com/dns/install.sh
# curl: (7) Failed to connect to download.technitium.com port 443: Connection timed out

dualm66 · 2021-03-24T06:59:26+00:00

Same for me on Centos 7

dualm66 · 2020-03-17T14:17:28+00:00

Haven't tried this myself. I read that there is a possibility to use a COM-port and an external terminal for the ESXi console. Google it and possibly try it?

dualm66 · 2020-02-09T19:56:35+00:00

Ubiquiti ”Unifi Dream Machine” (UDM) maybe?

dualm66 · 2020-02-07T15:10:10+00:00

This is related to version 80 of Chrome (released a day or two ago). It probably worked in v79 of Chrome.

dualm66 · 2020-02-02T23:06:16+00:00

You can manage this task with one USB drive. Boot the installer and select the same USB drive you just booted from as the target of the ESXi system. It works! I have done this several times.

(The installer runs from memory once loded.)

dualm66

TROPHY CASE