Having an internal DNS and an external DNS (for VPN use)

DaveQB · 08-01-2011, 10:08 PM

Hard to to have a succinct title for this.
I put it in the laptop and netbook as it is a problem I would see mobile users coming across more than others.

So I have an internal DNS server (a pfsense firewall) that then uses my ISP for external name resolution. This internal DNS server answers lookups for all internal machines on my home network too, responses no other DNS server could answer with.

I have a VPN account with work. Work too has their own DNS for resolving internal domains as well external lookups.

So the issue I have is when I connect to my works VPN I have to use their DNS in order to access resources on works network, but then I lose access to my DNS server which subsequently loses me domain name access to local machines.

Right now I am using my own DNS and hand looking up work machines to then access. Seems rather silly.

I have thought I could set up a BIND server on my desktop that makes the VPN connection, but feels like overkill for such a trival problem.

I know the resolver library on most Linux machines tries the first DNS in resolv.conf and if it times outs, moves onto the next. Can it not move onto the next if the first one responses but is unable to successfully look up the given domain name? It would be the most simply solution adding only a slight delay on some lookups.

Any better solution that others have would be appreciated.

Thanks.

zhjim · 08-30-2011, 05:08 PM

Intresting stuff you got there.
Maybe you could tweak your internal dns to forward only the work domain to the vpn/work dns server.
Think of tlds.

Take alook at this http://docstore.mik.ua/orelly/networ...ns/ch10_05.htm
Scroll down to "10.5.2. Forward Zones". Should get you set.

That ones also quite nice: https://lists.isc.org/pipermail/bind...ne/014811.html

DaveQB · 08-30-2011, 07:17 PM

Thank you zhjim
That is all I would need. If I could send any look up requests for a certain domain to my work DNS, I would be set.
I will follow up those links you have provided. I use pfsense as my home DNS server (dnsmasq is what it uses internally)

zhjim · 09-05-2011, 12:17 AM

This is an abstract taken from http://www.thekelleys.org.uk/dnsmasq...q.conf.example

Code:

# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1

# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
#server=/3.168.192.in-addr.arpa/10.1.2.3

# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
#local=/localnet/

# Add domains which you want to force to an IP address here.
# The example below send any host in double-click.net to a local
# web-server.
#address=/double-click.net/127.0.0.1

Seems like the server config option should do the trick or maybe the address. I would aim for the server option.