Is there a way to do split DNS with road warriors? TinyDNS?
I have a very simple OpenVPN setup:
- clients are road warriors
- it's routed
- it's split (only traffic to the target LAN goes through the VPN)
- road warriors are pushed a DNS server
- the server is using the built in DNS forwarder
When I connect as a road warrior from a client machine all DNS queries go to the VPN and the VPN resolves all of them. Is there an easy way to have the VPN answer queries for hosts that have been added to the forwarder and reject all other requests? I'll clarify:
Assume I have the following overrides in the DNS forwarder and that they point to IPs on my target LAN:
I want road warriors to be able to use those hosts, so I need to push DNS to them. However, for anything besides those two hosts, I want the road warriors to use their local DNS server(s).
I tried to use TinyDNS (as follows), but I must be doing something wrong. My first steps are:
- Install TinyDNS
- Bind TinyDNS to 127.0.0.1.
- Use TinyDNS wizard to set up 'site.localnet' as the domain.
- Add 'A' records for my hosts.
- Update DNS in general settings:
5a) First entry is 127.0.0.1.
5b) Second entry is 220.127.116.11 (OpenDNS).
5c) Third entry is 18.104.22.168 (OpenDNS).
- Enable DNS forwarder, without any overrides.
After that, I can SSH into my pfsense box and use the dig command to check the DNS. It works like I would expect. For example, host1.site.localnet gets resolved by 127.0.0.1 while google.ca gets resolved by 22.214.171.124.
However, when I switch to my local machine, none of the local hosts get resolved correctly. It's as if the DNS forwarder refuses to use 127.0.0.1 for DNS and skips straight to 126.96.36.199. I tried taking 127.0.0.1 out of my DNS and using the built in DNS forwarder to delegate the site.localnet domain to 127.0.0.1, but that didn't work either. I'm not sure if that's a proper setup anyway, so I didn't spend too much time on it.
Is there an easier way of accomplishing what I want?
Edit: Here are some screenshots that show what I was trying to do with TinyDNS. It works like I expect when I'm connected to the VPN.