Wednesday, August 29, 2018

Push DNS for only a domain OpenVPN



I have an OpenVPN server to access an Amazon VPC. I have a bind DNS on that same VPN server for resolving local names (say *.local.example.com), and for everything else bind uses forwarders such as Google DNS.

My problem is that I would like to avoid having my VPN/local DNS receive every DNS query, forward them (most of the time) and cache them, since it is not a powerful server.

My question here is whether I can make the VPN users query my local bind DNS for the local queries and use their own DNS (e.g. the one defined in their resolv.conf before they connect to the VPN) for all others, by pushing some configuration with OpenVPN.

Server: Debian 8, OpenVPN and bind9

Thanks

-- Edit --

To clear things up a bit, here is my goal, if possible:

A home user connects to the OpenVPN server, which is also a local DNS (for only a set of private addresses). When the home user requests google.com, his query is directed to, say, 8.8.8.8. When the request is for local.mycompany.com, the query goes to my OpenVPN server/DNS. All this without using a client-side add-on (push it with OpenVPN?).

All this is to avoid an unnecessary load of DNS queries on my small VPN server/DNS (which it would forward to Google DNS anyway).


Answer



'Split Horizon' DNS; if servers behind the VPC are on a different domain then it is 'split brain' anyway. dnsmasq is your friend:

https://www.linuxsysadmintutorials.com/configure-dnsmasq-to-query-different-nameservers-for-different-domains.html
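As an added example (not part of the answer or the linked tutorial), here is the kind of dnsmasq configuration that does the per-domain split the answer refers to. It is written for dnsmasq running on the VPN client, which is the only place the split can actually cut the server's load: a plain resolv.conf has no per-domain routing, so a DNS server pushed with OpenVPN's `dhcp-option DNS` is used for every query or for none. The domain `local.example.com` comes from the question; the VPN server's tunnel address `10.8.0.1` and the `10.0.0.0/8` VPC range are assumed values.

```conf
# Added example, not from the question or the answer.
# Assumptions: bind on the VPN server is reachable at 10.8.0.1 over the
# tunnel, and the VPC uses addresses in 10.0.0.0/8.

# Ignore /etc/resolv.conf for upstreams; use only the servers listed here.
no-resolv

# Only names under local.example.com are sent to bind over the VPN.
server=/local.example.com/10.8.0.1
# Reverse lookups for the (assumed) VPC range go there as well.
server=/10.in-addr.arpa/10.8.0.1

# Everything else goes directly to public resolvers; the VPN server never sees it.
server=8.8.8.8
server=8.8.4.4

# Answer only on loopback so the client does not become an open resolver.
listen-address=127.0.0.1
bind-interfaces

# Local cache so repeated lookups hit neither upstream.
cache-size=1000
```

The client then points its own resolver at `127.0.0.1` (`nameserver 127.0.0.1` in /etc/resolv.conf), and the split can be checked with `dig @127.0.0.1 host.local.example.com` versus `dig @127.0.0.1 google.com` while watching bind's query log on the server: only the first should arrive there. Note that this design deliberately sends non-local queries outside the tunnel, which is what the question asks for; if the VPN is also meant to hide all DNS traffic from the local network, per-domain forwarding is the wrong tool.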

