[PLUG] Dualing DNS over VPN

Ian Burrell ian at znark.com
Sat Sep 18 16:48:02 PDT 2004

Terry Griffin wrote:
> I have a host on private network 'A' that is occasionally linked via
> VPN to private network 'B'. Each network has its own DNS server that
> resolves host names for its own private net.
> When the VPN link is up I want the VPN-linked host on network 'A' to be
> able to resolve host names on both of the private networks. If I list
> both name servers in /etc/resolv.conf it doesn't work because the lookup
> won't fail over to the second name server unless the resolver can't
> connect to the first server. What I really want is for it to fail over
> to the second name server if the first one doesn't resolve the query.
> One option would be to have the 'A' DNS server forward requests to the
> 'B' DNS server, but that would be awkward for just an occasional VPN
> connection. Plus the 'A' DNS server doesn't have visibility of the 'B'
> network anyway unless I set up routing through the VPN-linked host.

One option is to set up a caching nameserver on the host.  One 
possibility is forwarding the private domains to the private name 
servers.  This would mean that the VPN network lookups would time out 
when disconnected.  Another way is to change the configuration when 
connecting to the VPN.

dnsmasq is supposed to be perfect for this situation.  It only does 
forwarding and caching.  It is supposed to have per-domain forwarding 
and be easy to change the configuration.

  - Ian

ian at znark.com
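
The two ideas in the reply above (dnsmasq per-domain forwarding, and changing the configuration when the VPN connects) can be combined in a VPN up/down hook. This is an added example, not part of the original post; the domain `b.example`, the server `10.2.0.53`, the function names and the drop-in path are assumptions, and the drop-in is only read if dnsmasq is configured with a `conf-dir=` pointing at its directory.

```shell
#!/bin/sh
# Added example: VPN up/down hook managing a dnsmasq per-domain forwarding drop-in.
# Assumed usage (names and path are hypothetical):
#   vpn-dns.sh up b.example 10.2.0.53 /etc/dnsmasq.d/vpn-b.conf
#   vpn-dns.sh down /etc/dnsmasq.d/vpn-b.conf

# Accept only plain DNS names so nothing else can be written into the config.
valid_domain() {
    case "$1" in
        ""|.*|*..*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Accept only dotted-quad IPv4 with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Write "server=/<domain>/<ip>": only queries for that domain go to the VPN-side
# server; everything else keeps using the normal upstream resolvers.
vpn_dns_up() {  # args: domain server_ip conf_file
    valid_domain "$1" || { echo "bad domain: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad server: $2" >&2; return 1; }
    tmp="$3.tmp.$$"
    printf 'server=/%s/%s\n' "$1" "$2" > "$tmp" && mv "$tmp" "$3"
}

# Remove the drop-in so lookups for the VPN domain are not sent to an
# unreachable server (the timeout case mentioned in the reply).
vpn_dns_down() {  # args: conf_file
    rm -f "$1"
}

case "${1:-}" in
    up)   vpn_dns_up "$2" "$3" "$4" ;;
    down) vpn_dns_down "$2" ;;
esac
```

dnsmasq reads its configuration at startup, so restart it after the hook runs, and point `/etc/resolv.conf` on the host at the local dnsmasq instance.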
