Split DNS - Is this possible?


Post by z0lschool » Fri Sep 02, 2011 4:52 am

I'm not even sure if Split DNS is the right term.

I've spent the last hour or so googling and searching through these forums, but I haven't found anything about it. Basically, I would like to be able to have users use their own DNS when they are connected to the VPN EXCEPT anything *.localnet. So, www.google.com will go to their DNS, www.corporate.localnet will go to my DNS, or at least resolve to the correct IP.

I only need to do this with a limited amount of IPs (about 15), but it would be nice to be able to find a way to transparently do this so my users don't have to edit their hosts files, but I have yet to find a way to do it.

Anyone have ideas/leads/flames?

Re: Split DNS - Is this possible?

Post by maikcat » Fri Sep 02, 2011 7:11 am

Hi there,

AFAIK a system queries one DNS server at a time;
if it fails to answer, then it checks the secondary and so on.

I don't know if you can configure your resolver the way you want
(at least using the standard OS resolvers: Windows, Linux).

But you can do various things on the server side...

What exactly are you trying to accomplish?

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

Re: Split DNS - Is this possible?

Post by janjust » Fri Sep 02, 2011 7:55 am

This also depends on the client OS - some OSes have support for domain-specific DNS servers (MacOS, Linux); I'm not sure if it's possible on Windows.

Re: Split DNS - Is this possible?

Post by dropje » Fri Sep 02, 2011 9:04 am

If you're trying to resolve the correct IP (probably internal) you could set up a DNS server with a zone .localnet and push it over the VPN.
All other stuff outside your zone you recurse, for example, to Google's DNS and will resolve to the correct external IP.

In our company we use PowerDNS combined with PowerAdmin, which is easy to set up, uses a database and is extremely fast.

Re: Split DNS - Is this possible?

Post by z0lschool » Fri Sep 09, 2011 2:43 am

Goodness, I don't know where my time has gone. Sorry it has taken me so long to come back around and explain what I am trying to do:

Basically, we host a small environment that is only accessible via the OpenVPN setup that we have. I know we can force our users to use our DNS, but if possible we would like to find a way to resolve only for some domains, but it doesn't look like that is going to be possible.

Recursing everything seems to be our only solution, which we would like to avoid since we don't want to know what people are going to, and don't want to be passing on user-space DNS lookups, as these are students connecting to the VPN, and god only knows what kind of insane DNS requests we'd be sending out.
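
An added example, not part of the thread: on a Linux client running systemd-resolved (an assumption; the thread names no resolver), the domain-specific DNS janjust mentions can be combined with the pushed DNS server dropje describes, so that only *.localnet lookups reach the VPN resolver. The addresses, the interface name and the `split_dns` and `RESOLVECTL` names are constructed for illustration.

```shell
#!/bin/sh
# Added example: OpenVPN client "up" hook for Linux with systemd-resolved.
# Assumed server config (addresses are constructed):
#   push "dhcp-option DNS 10.8.0.1"
#   push "dhcp-option DOMAIN localnet"
# The client needs "script-security 2" and "up /path/to/this-script".

# Dry run by default: prints the commands. Export RESOLVECTL=resolvectl to apply.
RESOLVECTL=${RESOLVECTL:-echo resolvectl}

# Route only the pushed domain(s) to the pushed DNS server(s) on interface $1.
split_dns() {
    dev=$1 servers="" domains="" i=1
    while :; do
        # OpenVPN exports pushed options as foreign_option_1, _2, ...
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        set -f; set -- $opt; set +f   # split "dhcp-option DNS 10.8.0.1"
        if [ "$1" = "dhcp-option" ] && [ $# -eq 3 ]; then
            case $2 in
                DNS)    # accept address characters only
                    case $3 in
                        *[!0-9A-Fa-f.:]*) ;;
                        *) servers="$servers $3" ;;
                    esac ;;
                DOMAIN) # accept hostname characters only
                    case $3 in
                        *[!A-Za-z0-9.-]*) ;;
                        *) domains="$domains ~$3" ;;
                    esac ;;
            esac
        fi
        i=$((i + 1))
    done
    # Without both a server and a domain, leave the resolver untouched.
    [ -n "$servers" ] && [ -n "$domains" ] || return 1
    $RESOLVECTL dns "$dev" $servers
    # "~" marks a routing-only domain: only these names use the VPN resolver.
    $RESOLVECTL domain "$dev" $domains
    # Keep every other lookup on the user's own DNS.
    $RESOLVECTL default-route "$dev" no
}

# OpenVPN sets script_type and dev when it runs the hook.
if [ "${script_type:-}" = "up" ]; then
    split_dns "$dev"
fi
```

Because the hook runs with the privileges of the OpenVPN process, pushed values are checked against a character allow-list before they reach any command line, and a push that lacks either a server or a domain changes nothing.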
