I'm trying to set up two PCs (one Windows, one Linux, but my understanding is that this problem is more DNS and less OS) as follows:
Home network: 192.168.1.0/24
VPN (via an OpenVPN server not within the home network): 192.168.2.0/24.
I would like a PC on both networks to be able to access three different types of site:
1. Internet addresses
2. Addresses on the home network
3. Addresses on the VPN
However, I'm not sure how/which DNS servers to use. If I prioritize my home DNS server, I can resolve (1) and (2), but not (3). If I prioritize my VPN DNS server, I can't resolve addresses of type (2). Of course, looking up addresses via nslookup and explicitly setting the correct server works, so I know my local DNS servers are OK.
Is there any way I can set up my PCs to fall back on the second DNS server if there is no address found (NXDOMAIN)? Alternatively, is there any way I can tell different queries to go to different servers [maybe by setting up different subdomains; foo.local.something vs. bar.vpn.something]?
Thanks
I haven't used this, but I believe the tool that will most likely fill your need on your Linux machine is dnsmasq.
Dnsmasq can be set to forward its requests upstream. At the same time it can also serve names defined in a local /etc/hosts file. You can use the --server option to forward requests to a particular DNS server for domains you define.
I am not sure how to address this on your Windows computer. If you cannot come up with an alternative, one thing you could do to avoid the issue would be to connect to the openvpn server from your Linux computer and then set up routing/NAT on the tun* interface on your client and enable IP forwarding. Adjust the routes and DNS settings on all your other systems to point at the Linux box with the OpenVPN connection. This would effectively make your Linux box a gateway that directs traffic across the VPN as needed.
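As an added illustration of the per-domain forwarding this answer describes (example configuration written for this page, not taken from the answer or from the dnsmasq project), here is a minimal dnsmasq.conf for the Linux box. The domain names home.example and vpn.example and the .1 resolver addresses are assumptions; the 192.168.1.0/24 home range and 192.168.2.0/24 VPN range are the question's. Note that this routes queries by domain suffix rather than falling back on NXDOMAIN: dnsmasq does not retry a different upstream after an NXDOMAIN answer, so the split by subdomain (the second option the question raises) is the workable one.

```ini
# Added example, not from the original answer. Domain names and the .1
# resolver addresses are assumptions; the two /24 ranges come from the question.

# Ignore /etc/resolv.conf; upstream servers come only from the server= lines below.
no-resolv
# Listen only on loopback so this box resolves for itself; clients of the box
# would point at its LAN address instead.
listen-address=127.0.0.1
bind-interfaces

# Per-domain forwarding: names under home.example go to the home resolver,
# names under vpn.example go to the resolver reachable over the tunnel.
server=/home.example/192.168.1.1
server=/vpn.example/192.168.2.1

# Reverse lookups for each subnet go to the matching server as well.
server=/1.168.192.in-addr.arpa/192.168.1.1
server=/2.168.192.in-addr.arpa/192.168.2.1

# Everything else (plain Internet names) goes to a public resolver of your choice.
server=1.1.1.1

# Never forward bare single-label names upstream, and answer reverse lookups
# for private ranges locally instead of leaking them to the public resolver.
domain-needed
bogus-priv

# dnsmasq reads /etc/hosts by default; an extra hosts file can hold the names
# you want to keep in sync with the other side, as the answer suggests.
addn-hosts=/etc/hosts.local
```

After saving the file, "dnsmasq --test -C /etc/dnsmasq.conf" checks the syntax, and the machine's own resolver is then pointed at 127.0.0.1 (nameserver 127.0.0.1 in /etc/resolv.conf). Each server= line is the configuration-file form of the --server command-line option mentioned above, so the same split can be tried interactively before committing it to the file.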
You can set up 2 DNS servers, one for the home network and one for the VPN. You can make one the master and the other the slave and have replication between the two (having two DNS servers on the two sides guarantees that if the VPN goes down, both sides can still have DNS). Those servers can also be the recursors for the network.
If you want to use dnsmasq, it can also be a little authoritative server as well. Add the names you want to /etc/hosts on the router and keep the file in sync with the VPN router.
I don't know openvpn at all, but with Cisco VPN clients there's something called 'split-dns' that says "if someone's looking for something at whatever.company-I'm-VPNing-into.com then get its IP from the DNS server presented over the VPN, otherwise go for the regular one that goes over the internet and/or home stuff". I think that sounds like what you want.
edit - HERE's a link to someone doing just that with openvpn.