Company DNS priority and VPN

nusch · 02-15-2009, 07:48 AM

I'm connecting to my home Wifi network with KWifimanager and with /etc/init.d/openvpn script to connect my company VPN.

Using resolvconf it's generates such /etc/resolv.conf

Code:

root@novopad:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.3.1 #company dns server (in vpn)
nameserver dns1.myisp.com
nameserver dns2.myisp.com
search company.vpn

It works, I can ping any host.company.vpn but all my DNS requests go through company server, what I don't like from privacy reason and it's also very slow.

If I change cat /etc/resolvconf/interface-order the file looks like

Code:

root@novopad:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver dns1.myisp.com
nameserver dns2.myisp.com
nameserver 192.168.3.1
search company.vpn

But then neither ping to company_host nor company_host.company.vpn works. Is there any solution for the problem?

EDIT: I know that I can do something with local BIND, but it's not so lightweight and needs configuring every new network what I don't like.

ayeomans · 02-16-2009, 12:57 AM

If you only need a few DNS names in company.vpn domain, you could manually add them into /etc/hosts.config. Then use the dns1.myisp.com nameservers for everything else.

chort · 02-16-2009, 03:37 AM

You can also setup a local caching nameserver that has global forwarding to your ISP's nameservers, but specific forwarding for your company's domain that sends those requests to your company's DNS server. You would then point your /etc/resolv.conf to your own local nameserver.