DNS Proxy fails all DNS requests after WAN failover to backup link
I have our ER7206 router set up with two WAN connections in link backup mode.
* Primary WAN on the "WAN/LAN1" port
* Backup WAN is on the "WAN" port
These are configured via an OC200 Controller.
When the primary WAN is taken offline by clicking Disconnect in the Omada device view, the secondary activates as expected.
However, if I enable DNS Proxy before the failover, all DNS requests fail when the backup link is activated.
```
C:\Users\bagpuss>nslookup fast.com
Server: UnKnown
Address: 192.168.1.1
*** UnKnown can't find fast.com: Server failed
```
The requests fail immediately, with no delay. Note, I can access the WAN via IP addresses - only the DNS lookups fail.
If I then disable the DNS Proxy, the DNS requests succeed again. I can then re-enable DNS Proxy with the backup WAN still active, and it continues to work.
```
C:\Users\bagpuss>nslookup fast.com
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: fast.com
Addresses: 2a02:26f0:5d00:78c::24fe
           2a02:26f0:5d00:786::24fe
           2.22.137.129
```
Interestingly, the problem does not seem to persist on failback. That is, if I am in failback mode, and I turn DNS Proxy off and back on again, and then bring the primary WAN back online, the DNS requests continue to work.
If I do not use the DNS proxy, there are no issues with failover.
DNSSEC and DoH modes seem to suffer from the same proxy.
I think the DNS proxy might continue using whatever link was active at the time it was turned on, instead of switching to a new link when the network changes.
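
Added example, not part of the original post and not TP-Link tooling: the symptom above (an immediate "Server failed" from the router at 192.168.1.1 while IP connectivity still works) can be told apart from a real link outage by comparing the DNS RCODE returned by the proxy with the one returned by a resolver queried directly. The upstream resolver address 1.1.1.1, the function names and the constructed sample reply are assumptions.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # fixed transaction id, enough for a one-shot diagnostic

def build_query(name, qtype=1):
    """Encode a minimal recursive DNS query (RFC 1035) for an A record."""
    header = struct.pack(">HHHHHH", TXID, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_rcode(response):
    """Return the RCODE name from a reply header, or None if not a valid reply."""
    if len(response) < 12:
        return None
    rid, flags = struct.unpack(">HH", response[:4])
    if rid != TXID or not flags & 0x8000:  # wrong transaction or QR bit clear
        return None
    return RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))

def probe(server, name, timeout=2.0):
    """Send one UDP query to `server`; return the RCODE name or "NO_REPLY"."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_rcode(s.recv(512)) or "INVALID"
        except OSError:  # includes socket.timeout
            return "NO_REPLY"

def classify(proxy_result, upstream_result):
    """Separate a stuck proxy from a dead link using both probe results."""
    answered = {"NOERROR", "NXDOMAIN"}  # the server resolved or got an answer
    if proxy_result in answered:
        return "ok"
    if upstream_result in answered:
        return "proxy-fault"  # WAN resolves names, only the router's proxy fails
    return "wan-or-upstream-fault"

# Constructed sample: the kind of reply nslookup reports as "Server failed".
SAMPLE_SERVFAIL = struct.pack(">HHHHHH", TXID, 0x8182, 1, 0, 0, 0) + build_query("fast.com")[12:]

if __name__ == "__main__":
    router = probe("192.168.1.1", "fast.com")  # router address from the post
    direct = probe("1.1.1.1", "fast.com")      # assumed upstream resolver
    print(router, direct, classify(router, direct))
```

Run it once before the failover and once after; a `proxy-fault` result only after the backup link activates matches the behaviour described in the post.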