dejan.ilic@liu.se
Enthusiast
Posts: 29
Liked: never
Joined: Apr 11, 2019 11:37 am
Full Name: Dejan Ilic
Contact:

Surebackup & DNS

Post by dejan.ilic@liu.se »

We use an appliance solution for DNS, both as master and resolver.

As Surebackup isolates any traffic except for standard unencrypted http using SureBackup Proxy, I wonder if anyone has solved how to run Surebackup with working DNS for the tested backups to work correctly.
While the newest Windows Server 2022 allows for DNS-over-HTTP (over SureBackup Proxy), we would like to test legacy OS (Windows and Linux) with SureBackup.

Any suggestions? I would have liked the SureBackup Proxy to be a DNS-resolver, but that seems not to have been implemented.
Mildur
Product Manager
Posts: 8735
Liked: 2294 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Surebackup & DNS

Post by Mildur »

You need to create an application group with your dns appliance in it and start it up with the surebackup job.
The dns appliance will then run until every vm from a linked job is tested.

There is no connectivity possible from the isolated network to the "outside lan". You can test internal dns resolution in the isolated lan, external dns resolution (dns forwarding) will not work of course.

If this appliance isn't a vm, then you can't use dns resolution in a sure backup job.

https://helpcenter.veeam.com/docs/backu ... ml?ver=110
Product Management Analyst @ Veeam Software

Re: Surebackup & DNS

Post by dejan.ilic@liu.se »

Our DNS appliance is a physical box, so it cannot be brought into SureBackup.

Not being able to use DNS even thru the Proxy seems like a large shortcoming for SureBackup IMHO, as a lot of things don't work without a working DNS.
I'm thinking of using either Win2022 DNS-resolver for the SureBackup VMs, and letting it do the backend resolve thru DNS-over-HTTP via SureBackup Proxy.
It's a twisted DNS case, as HTTPS isn't supported over SureBackup proxy (as far as I understand), but it is supported by Win2022 DNS-over-HTTP resolver, something I'm not sure Linux allows for.
https://docs.microsoft.com/en-us/window ... nt-support

That way the DNS info is always up to date and we don't have to use a slave DNS with replicated data, something that has to be kept updated.

Re: Surebackup & DNS

Post by dejan.ilic@liu.se »

Hmm, Windows Server 2022 "unencrypted" doesn't seem to mean "HTTP" but standard UDP/TCP Port53 based DNS lookup.
So that won't help unless SureBackup allows for https traffic.

Re: Surebackup & DNS

Post by Mildur » 1 person likes this post

Why not use this 2022 dns server as the slave?
Give this vm 2 NICs.

NIC1 in the isolated network. NIC2 in another subnet as the default Gateway.

But that would only work, if your two dns hardware appliances are already in different networks.
If they are using the same subnet, that would not work.

A vm in the virtual lab cannot leave the isolated lan. That would bring any sort of issues to the productive network, if booted vms cannot connect to other services by themselves.
Product Management Analyst @ Veeam Software
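
The dual-homed secondary suggested in the post above, sketched as an added example that is not part of the thread and not Veeam's own configuration: it pulls the zone as a secondary and then checks that the VM does not route between the lab and the outside subnet. The zone name, IP address and NIC aliases are constructed placeholders, and it assumes the master appliance permits zone transfers to this VM; disabling recursion is an added hardening choice, not something the thread prescribes.

```powershell
# Run elevated on the Windows Server 2022 DNS VM (DNS Server role installed).
# All values below are constructed placeholders, not taken from the thread.
$Zone      = 'corp.example'   # zone hosted on the physical appliance
$MasterIP  = '192.0.2.10'     # physical DNS appliance (master)
$LabNic    = 'Lab'            # NIC1: isolated SureBackup network
$UplinkNic = 'Uplink'         # NIC2: subnet that can reach the master

# 1. Host the zone as a secondary so records stay current via zone transfer.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerSecondaryZone -Name $Zone -ZoneFile "$Zone.dns" `
        -MasterServers $MasterIP
}

# 2. A VM with a leg in both networks must not act as a router between them.
Set-NetIPInterface -InterfaceAlias $LabNic, $UplinkNic -AddressFamily IPv4 `
    -Forwarding Disabled

# 3. Answer only from hosted zones; lab VMs get no external resolution
#    through the uplink (assumption: internal names are all the tests need).
Set-DnsServerRecursion -Enable $false

# 4. Verify: fail loudly if forwarding is still on, then query the zone locally.
$routing = Get-NetIPInterface -AddressFamily IPv4 `
               -InterfaceAlias $LabNic, $UplinkNic |
           Where-Object Forwarding -eq 'Enabled'
if ($routing) {
    throw "IP forwarding still enabled on: $($routing.InterfaceAlias -join ', ')"
}
Resolve-DnsName -Name $Zone -Type SOA -Server 127.0.0.1 -DnsOnly
```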

Re: Surebackup & DNS

Post by dejan.ilic@liu.se »

Hmm, true. I will consider that together with the networking group.
I was stuck in the thought that SureBackup VMs were isolated but a DNS-resolver might break that rule with two NICs, one being outside of the SureBackup VLANs.

Re: Surebackup & DNS

Post by Mildur »

if booted vms cannot connect to other services by themselves.
Should be "if booted vms can connect to other services by themselves"

Sorry for that typo.
Product Management Analyst @ Veeam Software