I'm currently having some problems delegating a subdomain, e.g. lan.example.com, to a nameserver in a private network.
My private network is split into subnets:

192.168.0.1/24 <--- 192.168.0.1  OpenWRT Router  172.20.20.1 ---> 172.20.20.1/24
Physical LAN                                                       VPN
I have some services running in the physical LAN and the clients should access them with a static DNS name, no matter if the client is connected to the physical LAN or VPN.
The OpenWRT Router also acts as the DNS resolver for all clients in the physical LAN and can resolve local hostnames, e.g. server.lan.example.com.
The publicly reachable nameserver of example.com has these NS records:

lan.example.com IN NS lan-router.example.com
lan-router.example.com IN A 192.168.0.1
In theory all DNS requests for *.lan.example.com should be delegated to my OpenWRT box, but clients connected to the VPN use a nameserver of their home network. These servers try to answer DNS requests recursively but naturally can't reach 192.168.0.1.
The request dig +trace A server.lan.example.com @8.8.8.8 works fine, but the same request without +trace doesn't.
Do you have any idea how to fix this without setting 192.168.0.1 as the nameserver for all VPN clients? This would add a lot of latency for normal internet access on these clients.
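The failure described above can be checked mechanically: a public recursive resolver follows the NS record to its glue address, and if that address is RFC 1918 space it has nowhere to send the query. The script below is an added example (not code from the question or from OpenWRT); it parses the two records quoted above and reports whether the delegation is followable from the public internet. The RFC 1918 check and the record format are assumptions of the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the two records quoted in the question, as they
# would appear in the public example.com zone.
PUBLIC_ZONE = """
lan.example.com.        IN NS lan-router.example.com.
lan-router.example.com. IN A  192.168.0.1
"""

# RFC 1918 ranges: unreachable from outside the private network.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_zone(text):
    """Parse 'name IN TYPE rdata' lines into {(name, type): [rdata, ...]}."""
    records = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1].upper() != "IN":
            continue
        name, rtype, rdata = parts[0].rstrip(".").lower(), parts[2].upper(), parts[3]
        records[(name, rtype)].append(rdata.rstrip("."))
    return records

def check_delegation(records, zone):
    """Classify each NS of `zone` as a public recursive resolver would see it:
    'ok' (routable glue), 'private-address' (RFC 1918 glue, dead end from the
    internet) or 'no-address' (NS name has no A record in the zone)."""
    result = {}
    for ns in records.get((zone, "NS"), []):
        addrs = records.get((ns.lower(), "A"), [])
        if not addrs:
            result[ns.lower()] = "no-address"
        elif all(is_rfc1918(a) for a in addrs):
            result[ns.lower()] = "private-address"
        else:
            result[ns.lower()] = "ok"
    return result

def publicly_resolvable(records, zone):
    """True only if at least one NS can be reached from the public internet."""
    return any(v == "ok" for v in check_delegation(records, zone).values())

if __name__ == "__main__":
    recs = parse_zone(PUBLIC_ZONE)
    for ns, status in check_delegation(recs, "lan.example.com").items():
        print(f"{ns}: {status}")
    print("publicly resolvable:", publicly_resolvable(recs, "lan.example.com"))
```

With the records from the question the only NS is classified private-address, which is exactly why the home-network resolvers in the question cannot complete the lookup while dig +trace (which the client performs itself from inside the LAN or VPN) succeeds.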