I have a public DNS server responsible for my domain local.example.com. Some ISPs always deliver the private IP, some do NOT at all, but most of them answer the correct IP to a DNS request after 5 to 10 tries. The rest of the time they send a NXDOMAIN error. Why is that? Why is this not deterministic? When I ask our public DNS server directly, I always get a correct answer.
I have the following setup:
- the private network 192.168.252.0/24 inside a VPN (OpenVPN)
- a server, reachable through the internet with server.example.com
- this server provides DNS resolution for the local domain (of the VPN) local.example.com, e.g. this server's VPN IP is server.local.example.com
- there is no LAN. All infrastructure is located on the internet on VServers. Basically the VPN could be seen as the LAN.
- we have set server.example.com as public DNS server for the domain local.example.com (at our domain registrar)
I have asked for better solutions, but there are no satisfying other options. The main reason for this setup is browsing speed, as an average page these days has at minimum around 10 DNS requests and the response speed of our vserver is not comparable with the response time of the DNS servers of ISPs or Google. But there are also other reasons. When I visit a customer, I need access to both his and my services, which is not possible with a local DNS server (inside the VPN).
There have been questions about the use of private IPs in public DNS servers, but this should not be the topic here. The only official source on the internet is [a draft of the IETF] of 2004. They recommend not using private addresses in public DNS, but I see no better solution for my problems. Maybe the answer lies in IPv6 (but there is no guarantee that a customer has a working IPv6 setup, yet).
Edit1: fixed typo
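A way to measure the "works after 5 to 10 tries" behaviour described above systematically, as an added example that is not part of the original post: a stdlib-only probe that sends the same A query repeatedly to each resolver and tallies the addresses returned against the error codes (rcode 3 is NXDOMAIN), so the authoritative server and each ISP resolver can be compared side by side. The resolver address 203.0.113.53 and the name server.local.example.com are assumed placeholders.

```python
import random, socket, struct
from collections import Counter

def build_query(name, qid):
    # Standard recursive A/IN query: header (RD=1, one question) + QNAME + QTYPE/QCLASS
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(data, off):
    # Advance past a domain name; a compression pointer (top bits 11) ends it in 2 bytes
    while data[off] & 0xC0 != 0xC0:
        if data[off] == 0:
            return off + 1
        off += data[off] + 1
    return off + 2

def parse_response(data):
    # Return (rcode, list of A-record addresses) from a raw DNS response
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(data, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x0F, addrs

def probe(resolver, name, attempts=10, timeout=2.0):
    # Send the same query `attempts` times; count answers and error codes (3 = NXDOMAIN)
    tally = Counter()
    for _ in range(attempts):
        qid = random.randrange(0x10000)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, qid), (resolver, 53))
            try:
                data, _ = s.recvfrom(4096)
            except socket.timeout:
                tally["TIMEOUT"] += 1
                continue
        if struct.unpack(">H", data[:2])[0] != qid:
            tally["BAD-ID"] += 1                # reply does not match our transaction id
            continue
        rcode, addrs = parse_response(data)
        tally[",".join(addrs) or f"RCODE{rcode}"] += 1
    return tally
```

Run `probe("203.0.113.53", "server.local.example.com")` (placeholder authoritative server) and the same call against each ISP resolver; a resolver that is filtering will show the private address only in a fraction of the attempts and RCODE3 for the rest.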