Question on dynamic home_server

Alan DeKok aland at
Tue Jun 14 19:48:17 UTC 2022

On Jun 14, 2022, at 12:03 AM, Yushu Shi (yusshi) via Freeradius-Users <freeradius-users at> wrote:
> Need some help with using freeradius as a proxy to two radius server pools.
> The requirement is like below:

  I agree with Michael here.  This is not an appropriate use-case.

>  *   There are two server pools, identified with host names:  and
>  *   DNS request to the two host names returns the IP addresses of several servers in the pool in a round robin fashion, i.e, “host” command returns 3 IP addresses.
>  *   IP address of each server may get changed. Need to honor DNS TTL timer.
>  *   All auth requests should be directed to the hosts in the primary pool round robin, and only fail over to the secondary if all hosts behind the primary are unresponsive.
> Is there any way to accomplish these requirements without restarting the process? How should I create the home_server pools in proxy.conf to do this?

  You can't do this, and you shouldn't do this.

  DNS round robin is when you have many clients (e.g. thousands or more), and you want them to spread their connections across many back-end servers.  This isn't the case with RADIUS.

  With RADIUS, you have one RADIUS server.  It knows how to spread it's packets across multiple back-ends.

  This requirement won't do what you want, and it won't work with FreeRADIUS.

  Alan DeKok.

More information about the Freeradius-Users mailing list