
I have an OpenWRT router with an IP reachable within an Amazon EC2 VPC. The router is running a dnsmasq server.

Router IP is 192.168.13.1. A client is connected to the router with hostname 'iPhone' with IP 192.168.13.117.

VPC domain is examplevpc.com

I want all DNS queries within the VPC for *.routername.examplevpc.com to resolve via the dnsmasq server at 192.168.13.1. For example a query for iphone.routername.examplevpc.com should return 192.168.13.117.

From a server within the VPC, I can successfully run nslookup iPhone 192.168.13.1 and get the iPhone IP address. dig iPhone @192.168.13.1 also works.

I tried adding an NS entry routername.examplevpc.com -> 192.168.13.1 to route53 for the VPC but it does not work -- dig iPhone.routername.examplevpc.com responds with NXDOMAIN. Do I need to do something additionally?

EDIT:

So I found this question which said I needed to set up DNS forwarding within the VPC. So I set up a DNS forwarder at 172.28.0.5:

ubuntu@ip-172-28-1-13:~$ nslookup hostname.routername.vpcdomain.net 172.28.0.5
Server:         172.28.0.5
Address:        172.28.0.5#53

Non-authoritative answer:
Name:   hostname.routername.vpcdomain.net
Address: 192.168.13.89

I then did what @dsmsk80 suggested in his comment:

A record: ns1.vpcdomain.net -> 172.28.0.5
NS record: routername.vpcdomain.net -> ns1.vpcdomain.net.

This is the failed output of dig:

ubuntu@ip-172-28-1-13:~$ dig hostname.routername.vpcdomain.net

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> hostname.routername.vpcdomain.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52300
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hostname.routername.vpcdomain.net.      IN      A

;; Query time: 20 msec
;; SERVER: 172.28.0.2#53(172.28.0.2)
;; WHEN: Tue Oct 27 19:37:29 UTC 2015
;; MSG SIZE  rcvd: 53

However when directly specifying the nameserver it works as expected:

ubuntu@ip-172-28-1-13:~$ dig hostname.routername.vpcdomain.net @ns1.vpcdomain.net

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> hostname.routername.vpcdomain.net @ns1.vpcdomain.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50111
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hostname.routername.vpcdomain.net.      IN      A

;; ANSWER SECTION:
hostname.routername.vpcdomain.net. 0     IN      A       192.168.13.89

;; Query time: 33 msec
;; SERVER: 172.28.0.5#53(172.28.0.5)
;; WHEN: Tue Oct 27 19:38:35 UTC 2015
;; MSG SIZE  rcvd: 69

and also with nslookup:

ubuntu@ip-172-28-1-13:~$ nslookup hostname.routername.vpcdomain.net ns1.vpcdomain.net
Server:         ns1.vpcdomain.net
Address:        172.28.0.5#53

Non-authoritative answer:
Name:   hostname.routername.vpcdomain.net
Address: 192.168.13.89

Here is the config on openwrt:

config dnsmasq
        option domainneeded     1
        option boguspriv        1
        option filterwin2k      0  # enable for dial on demand
        option localise_queries 1
        option rebind_protection 1  # disable if upstream must serve RFC1918 addresses
        option rebind_localhost 1  # enable for RBL checking and similar services
        #list rebind_domain example.lan  # whitelist RFC1918 responses for domains
        option local    '/routername.vpcdomain.net/'
        option domain   'routername.vpcdomain.net.'
        option expandhosts      1
        option nonegcache       0
        option authoritative    1
        option readethers       1
        option leasefile        '/tmp/dhcp.leases'
        option resolvfile       '/tmp/resolv.conf.auto'
        #list server            '/mycompany.local/1.2.3.4'
        #option nonwildcard     1
        #list interface         br-lan
        #list notinterface      lo
        #list bogusnxdomain     '64.94.110.11'
Miles R
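The dig and nslookup comparison above can be reproduced without dig. The following is an added example, not code from the question or either answer: a standard-library-only Python checker that sends the same A query to each resolver and reports the RCODE and any A answers, so the SERVFAIL from the VPC resolver and the NOERROR from the forwarder can be compared side by side. The resolver addresses 172.28.0.2 and 172.28.0.5 and the query name are taken from the question; the make_response helper fabricates replies purely so the parser can be exercised offline, and the random transaction id, the id check and the UDP-only transport are this script's own choices.

```python
"""Minimal DNS A-record checker (standard library only, added example).

Sends one query to several resolvers and reports each RCODE and any A
answers, mirroring the dig comparison against 172.28.0.2 and 172.28.0.5.
"""
import random
import socket
import struct

DNS_PORT = 53
TYPE_A, CLASS_IN = 1, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}


def build_query(name, txid, rd=True):
    """Encode a single-question A/IN query with the given transaction id."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", TYPE_A, CLASS_IN)


def _read_name(msg, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2             # the pointer ends this name field
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset if end is None else end


def parse_response(msg):
    """Return {'id', 'rcode', 'answers'} parsed from a raw DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))
    offset = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, offset = _read_name(msg, offset)
        offset += 4                          # qtype + qclass
    answers = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"id": txid, "rcode": rcode, "answers": answers}


def query(server, name, timeout=2.0):
    """Send one UDP query and parse the reply, rejecting a mismatched id."""
    txid = random.getrandbits(16)            # unpredictable id, as a stub resolver uses
    q = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(q, (server, DNS_PORT))
        data, _ = sock.recvfrom(4096)
    reply = parse_response(data)
    if reply["id"] != txid:
        raise ValueError("transaction id mismatch from %s" % server)
    return reply


def compare_resolvers(name, resolvers):
    """Query each resolver for name; network errors are reported as 'ERROR'."""
    results = {}
    for server in resolvers:
        try:
            results[server] = query(server, name)
        except (OSError, ValueError) as exc:  # socket.timeout is an OSError
            results[server] = {"id": None, "rcode": "ERROR",
                               "answers": [], "error": str(exc)}
    return results


def make_response(query_bytes, rcode, addresses=(), ttl=0):
    """Constructed reply to query_bytes, used only to exercise the parser offline."""
    txid = struct.unpack("!H", query_bytes[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(addresses), 0, 0)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
        + bytes(int(octet) for octet in addr.split("."))
        for addr in addresses)
    return header + query_bytes[12:] + answers


if __name__ == "__main__":
    import sys
    name = "hostname.routername.vpcdomain.net"
    if len(sys.argv) > 1:                     # live: python3 dnscheck.py 172.28.0.2 172.28.0.5
        for server, result in compare_resolvers(name, sys.argv[1:]).items():
            print(server, result["rcode"], result["answers"])
    else:                                     # offline: replay the two outcomes seen above
        q = build_query(name, 0x1234)
        for server, raw in (("172.28.0.2", make_response(q, 2)),
                            ("172.28.0.5", make_response(q, 0, ["192.168.13.89"]))):
            reply = parse_response(raw)
            print(server, reply["rcode"], reply["answers"])
```

Run it with the resolver addresses as arguments to compare live answers; with no arguments it replays constructed SERVFAIL and NOERROR replies through the parser. A query sent directly to dnsmasq on 192.168.13.1 works in the same way as the @ns1 query above, because the authoritative server answers from its own lease data regardless of what the VPC resolver knows about the delegation.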

2 Answers


I would say that you are allowed to use a domain name with NS records only, which specifies a host which should be authoritative for the specified class and domain.

So what happens if you add these records to your zone?

A record: routername-ns1.examplevpc.com. -> 192.168.13.1
NS record: routername.examplevpc.com. -> routername-ns1.examplevpc.com.

Or shorter form:

A record: routername-ns1 -> 192.168.13.1
NS record: routername -> routername-ns1.examplevpc.com.
dsmsk80


Found the answer...

Confusingly documented here: http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html

I had to explicitly set my private DNS server via VPC DHCP options set.

Miles R