Different DNS Servers per subnet

  • I have a standard single WAN, dual LAN setup. I want to use different DNS servers on each LAN, and I also want to resolve my internal hosts, but I don't think I can do this. I can certainly use the DHCP options to assign different DNS servers to each subnet, but then I can't resolve internal hosts. If I use the DNS Resolver or Forwarder I can resolve internal hosts but not have different DNS servers per subnet. Or am I missing something?

  • LAYER 8 Netgate

    Well, the DNS servers you configure the clients to use have to have the data to give the answers you want them to give.

    You will probably have to be more specific as to exactly what you are doing. We have no idea what different DNS servers really means.

  • Sorry, let me explain some more by way of an example of what I'm trying to do. I have two LAN subnets, LAN10 and LAN20, both need to resolve my internal hosts to their private IP addresses. But for public queries I want LAN10 to use Google's DNS servers and LAN20 to use OpenDNS servers. I don't see how I can do this?

  • LAYER 8 Netgate

    Right. You can't using the GUI.

    You might be able to dig into the unbound documentation and find some custom options that enable you to both provide local-data for resolving local names and use policy-based forwarding to the two global DNS server solutions based on source addresses, but you will probably have to use something like an off-the-firewall DNS server such as BIND and use something like views there. I do not know if unbound will keep two different caches, etc.

  • Thanks, I have just started reading up on the unbound documentation!

  • LAYER 8 Global Moderator

    @Derelict said in Different DNS Servers per subnet:

    I do not know if unbound will keep two different caches, etc.

    No it won't - this is why you cannot use views to say forward client A to, and client B to - since it will be a common cache.

    What you do is hand client A ns1 via dhcp, which has a delegation for your local domain to your local NS, and then client B you send to ns2 which also has a delegation to your local NS..

    Now your clients can all resolve your local stuff from your local NS, and resolve whatever from the other NS you send them to. Which will have their own caches.

    edit: pretty sure you could do what you're looking for with bind though.. Since each view would/should have its own cache.. Pretty sure you would have to on purpose set a view to share a cache with another view if that is what you wanted..

    edit2: Why are you wanting to use different NS for your clients? Other than say circumvention I don't see the point here? Why do you want your clients to use different public NS? If you explain the end goal, maybe there is an easier way to accomplish it?

    If you want to forward client A to some blocking ns, why wouldn't this blocking NS be good for all clients?

    edit3: I might play with this later, I am curious if it can be done in the bind gui - I don't think so.. Since I think there is a common forward in the gui.. You would have to use the views custom options I believe..
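The BIND views approach suggested above, written out as an added example (not from any poster in this thread): a named.conf fragment with one view per LAN, each forwarding to a different public resolver while both serve the same internal zone. The subnet ranges, zone name and file path are placeholders.

```conf
// Added example: BIND 9 named.conf with per-subnet views.
// LAN10 -> Google Public DNS, LAN20 -> OpenDNS, both answer the internal zone.
// Subnets, zone name and file path are placeholders; adjust to your network.
acl lan10 { 10.0.10.0/24; };
acl lan20 { 10.0.20.0/24; };

options {
    directory "/var/named";
    recursion yes;
    // Only the two LANs (and the box itself) may query; nothing from the WAN.
    allow-query { lan10; lan20; localhost; };
};

// Each view gets its own cache automatically. Views only share a cache if
// you deliberately add "attach-cache" to one of them.
view "lan10" {
    match-clients { lan10; };
    recursion yes;
    forward only;
    forwarders { 8.8.8.8; 8.8.4.4; };            // Google Public DNS

    // Internal zone; hosts are maintained in this one file.
    zone "corp.internal" {
        type master;
        file "corp.internal.zone";
    };
};

view "lan20" {
    match-clients { lan20; };
    recursion yes;
    forward only;
    forwarders { 208.67.222.222; 208.67.220.220; }; // OpenDNS

    // Reuse the zone already loaded in the lan10 view instead of loading
    // the file twice, so there is still only one host list to maintain.
    zone "corp.internal" {
        in-view "lan10";
    };
};
```

Once any view is declared, BIND requires every zone to live inside a view, so there must be no top-level zone statements; run `named-checkconf` before reloading.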

  • Netgate Administrator

    I shudder to suggest this but....

    You can do this by running both the DNS forwarder and the DNS resolver (in forwarding mode). Obviously one has to run on a different port, but you can use a port forward on whichever LAN is using it so clients still use port 53. You can set a domain override on one pointing at the other one for your local hosts so you only need to maintain one host list.

    It's ugly. It will probably come back to bite you at some point. It doesn't scale beyond 2. But it doesn't require any packages or custom config, everything is in the GUI and hence backed up.
