push a DNS override

  • Hi,
    I have a server that uses a different gateway than the rest of the network.
    A workaround for this is adding the external IP to the clients' hosts file, but I would like to make OpenVPN do this for me.

    Something like this:
    push "dns-option service.domain.com ip-address"

    Is that possible?

  • something like this

    push "dns-option service.domain.com ip-address"

    is that possible?

    I'm not sure that option exists, but even if it does... since the server is using a different gateway, you won't be able to connect to it over the VPN unless the appropriate routes are in place.

  • Thanks for the reply marvosa.
    Since adding the external IP to the clients' hosts file works, I was hoping that I could do this only when using OpenVPN, some sort of DNS override.

  • Unfortunately, I am not aware of an option to essentially push an A record like that.

    Ideally, you'd address this by exporting an internal DNS server that is capable of resolving server.domain.com.

    If you don't have an internal DNS server to export, another option is to add a host override to the forwarder (or resolver) and then export your LAN interface IP as a DNS server. I just tested this and it works.

    Other less than ideal options, which are admittedly garbage, but would work:

    • Configure the VPN client to execute a script that modifies the hosts file upon connection

    • Run a local DNS server on each client

    • Configure a WINS server

    I really only see two viable options:

    1. If you have AD, Infoblox, or another stand-alone DNS server, just add the appropriate A records and then export that DNS server to your clients.
    2. Create host overrides in the forwarder (or resolver) and then export the IP assigned to your LAN interface as a DNS server to your clients

  • Thanks, it's a really good reply, but I fear my only option is to change the gateway of service.domain.com.

    I already have an internal DNS, and that is part of the problem, because it points to a LAN host with a different gateway.
    I need this DNS for other services.

    LAN clients get their DNS server from DHCP and OpenVPN clients get it from the OpenVPN server.
    I can see that the DNS Resolver is enabled in pfSense (it's on by default), so maybe I can do some magic here.

    What if I make a Host Override in the resolver and, in the OpenVPN server, set pfSense as the primary DNS and the internal one as secondary?
    service.domain.com is a mail server, so I don't want to screw anything up here.
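As an added illustration of marvosa's option 2 and the override-plus-push setup proposed in the last post (example configuration, not from the thread or from pfSense itself): the OpenVPN directive that actually pushes resolvers to clients is `dhcp-option`, not `dns-option`, and the pfSense Host Override ends up as an Unbound `local-data` record. The addresses 192.168.1.1 (pfSense LAN), 192.168.1.53 (internal DNS) and 203.0.113.10 (public IP of the mail server) are assumed, and the Unbound lines are written by hand rather than copied from what pfSense generates.

```conf
# --- OpenVPN server side (pfSense: VPN > OpenVPN > Servers > "DNS Server" fields
#     produce these; on a plain OpenVPN server they go in server.conf) ---
# "dns-option" does not exist; "dhcp-option DNS" is the real directive.
push "dhcp-option DNS 192.168.1.1"       # assumed pfSense LAN address (Unbound)
push "dhcp-option DOMAIN domain.com"     # assumed search domain so short names work

# --- Unbound on pfSense (Services > DNS Resolver > Host Overrides creates the
#     local-data line; hand-written here, assumed addresses) ---
server:
    # transparent: answer service.domain.com locally, recurse for everything else
    local-zone: "domain.com." transparent
    local-data: "service.domain.com. IN A 203.0.113.10"

# Everything not overridden is still answered by the existing internal DNS,
# which keeps the other services the poster depends on working.
forward-zone:
    name: "."
    forward-addr: 192.168.1.53           # assumed internal DNS address
```

Only one resolver is pushed here on purpose: many client stacks do not strictly honour primary/secondary order, so an override that exists only on the pfSense resolver is reliable only if that resolver is the one every VPN client query goes to, with Unbound forwarding the rest to the internal DNS.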
