Public DNS for specific IP address
-
@viragomann
off topic
If I want to create a public DNS resolver, I have to use another type, e.g. bind?
Of course, the resolver would not be designed for the whole world, but for specific IP addresses. -
@gusto said in Public DNS for specific IP address:
If I want to create a public DNS resolver, I have to use another type, e.g. bind?
For public resolving, yeah, the DNS resolver is meant for internal purposes.
Of course, the resolver would not be designed for the whole world, but for specific IP addresses.
Since your office is behind an ISP's CGN, I guess you won't have a static IP there.
And as already mentioned, the PCs in the center should get the internal IP for the host names, while all outside devices should get the public IP. So both cannot be done with the same DNS.
-
@viragomann
I also created a VPN server, but the client only reaches the IP address of the web server 192.168.1.101 (not a domain name such as example1.gg).
DNS resolver does not work for VPN clients. -
@gusto
Did you add the DNS server to the VPN configuration to push it to the clients?
Also you have to configure the DNS resolver properly. Ensure that the VPN interface is selected at listening interfaces.
If still no joy, add the clients' tunnel network to the resolver ACLs. -
@viragomann
Here is my setup
-
@gusto
Since you have enabled DoT, did you care that the clients trust the server's certificate?
What exactly happens on the client when you try to access a remote host by its name?
Also tried nslookup or something similar? -
@viragomann
BTW what is DoT?
I connected to OpenVPN via an Android client.
Vivaldi browser writes that the site cannot be connected.
nslookup doesn't work for me on a mobile phone. -
@gusto said in Public DNS for specific IP address:
BTW what is DoT?
DNS over TLS. Your resolver is set to use TLS.
Vivaldi browser writes that the site cannot be connected.
If the browser does DNS over HTTP (DoH) you are also lost, it won't request your DNS server.
Therefore I asked for another way to check DNS resolution on the client device. -
@viragomann
Thank you very much
I canceled this option and now it works.
I hope this does not endanger safety.
Enable SSL / TLS Service appears to have been enabled by default
-
@gusto said in Public DNS for specific IP address:
Enable SSL / TLS Service appears to have been enabled by default
No, that is not default. It would have to be checked.
-
@gusto said in Public DNS for specific IP address:
I hope this does not endanger safety.
As long as you allow access to the DNS Resolver only from internal devices, there shouldn't be any concerns.
-
@viragomann said in Public DNS for specific IP address:
@gusto said in Public DNS for specific IP address:
If I want to create a public DNS resolver, I have to use another type, e.g. bind?
For public resolving, yeah, the DNS resolver is meant for internal purposes.
Of course, the resolver would not be designed for the whole world, but for specific IP addresses.
Since your office is behind an ISP's CGN, I guess you won't have a static IP there.
And as already mentioned, the PCs in the center should get the internal IP for the host names, while all outside devices should get the public IP. So both cannot be done with the same DNS.
Here you wrote that dns resolver is for internal use only.
-
@gusto
Yeah, it is meant for internal use, but not really limited to it.
But it's also imaginable that someone who has a large network with untrustworthy users inside wants to enable TLS for the sake of security and privacy.
-
@viragomann
I understand.
I only have a small LAN. I don't have an office and center. In the first post, I gave just an example for understanding. -
@gusto said in Public DNS for specific IP address:
@viragomann
Thank you very much
I canceled this option and now it works.
I hope this does not endanger safety.
Enable SSL / TLS Service appears to have been enabled by default
What is written here does not apply!
I have 2 applications installed on my smartphone to use OpenVPN.
OpenVPN free client (old)
OpenVPN Client (new)
Regardless of whether "Enable SSL / TLS Service" is enabled, it does not work for OpenVPN free client (old).
Regardless of whether "Enable SSL / TLS Service" is enabled, it does work for OpenVPN client (new). -
@gusto
There are some dependencies on this:
Does the client device use DoT?
If it doesn't and your server is also listening on port 53 (non-DoT), it will work anyway.
If the client supports DoT he will use it, even if non-DoT is available. So he has to trust the server's SSL certificate as mentioned. Otherwise the request will fail.
Does the VPN client change DNS settings on the device at all?
If he doesn't it won't work anyway. -
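The two cases discussed above (plain DNS on port 53 versus DoT with certificate verification) can be checked separately from a machine connected to the VPN. This is an added example, not part of the thread; the function names are hypothetical, 853 is the standard DoT port, and an IPv4 resolver address is assumed.

```python
import socket, ssl, struct

def build_query(name, qid=0x1234):
    """Encode a DNS A/IN query with the recursion-desired flag set."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_reply(data, qid=0x1234):
    """Return (rcode, answer_count) from a reply header; reject anything else."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    return flags & 0x000F, answers

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe_plain(server, name, timeout=3.0):
    """Plain DNS over UDP port 53 (IPv4 server address assumed)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_reply(s.recvfrom(4096)[0])

def probe_dot(server, name, cert_name, timeout=3.0):
    """DNS over TLS on port 853; raises if the certificate is not trusted."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    with socket.create_connection((server, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=cert_name) as tls:
            q = build_query(name)
            tls.sendall(struct.pack("!H", len(q)) + q)  # DoT uses a 2-byte length prefix
            return parse_reply(recv_exact(tls, struct.unpack("!H", recv_exact(tls, 2))[0]))

def diagnose(server, name, cert_name):
    out = {}  # one entry per transport, so a DoT-only failure is visible
    for label, probe in (("plain-53", lambda: probe_plain(server, name)),
                         ("dot-853", lambda: probe_dot(server, name, cert_name))):
        try:
            out[label] = "ok rcode=%d answers=%d" % probe()
        except (OSError, ValueError) as exc:  # timeouts and TLS errors are OSError
            out[label] = "failed: %s: %s" % (type(exc).__name__, exc)
    return out
```

Call `diagnose(resolver_ip, "example1.gg", cert_name)` with the resolver's VPN-side address; a `dot-853` failure naming a certificate verification error alongside a working `plain-53` matches the untrusted-certificate case described in the post.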
@gusto said in Public DNS for specific IP address:
@gusto said in Public DNS for specific IP address:
@viragomann
Thank you very much
I canceled this option and now it works.
I hope this does not endanger safety.
Enable SSL / TLS Service appears to have been enabled by default
What is written here does not apply!
I have 2 applications installed on my smartphone to use OpenVPN.
OpenVPN free client (old)
OpenVPN Client (new)
Regardless of whether "Enable SSL / TLS Service" is enabled, it does not work for OpenVPN free client (old).
Regardless of whether "Enable SSL / TLS Service" is enabled, it does work for OpenVPN client (new).
This also does not apply!
When I tested it, the web pages were displayed offline on my smartphone.
"Enable SSL / TLS Service" must be disabled.
I always have to use the OpenVPN client (new). OpenVPN free client (old) does not work.