DNS resolution on OpenVPN server

Question

I am running virtual server with Windows Server 2012 R2 for RDS purpose mostly. OpenVPN server is installed on this host as well. Firewall is configured in a way that RDP connections could only be made from VPN network. But now to access RDP users have to type server's VPN ip (like 10.8.0.1), instead of using friendly DNS name (I have a domain registered). What would be the simplest way to bind a hostname to this ip? Changing host's file on each client machine is obviously not an option. Thanks in advance.

Answer 1

How you handle DNS on VPN setups can get pretty complicated.

The question Wesley linked is generally good for redirected gateway setup where all traffic is being sent over the VPN, or minimally you accept that all DNS resolution will be handled by the server published by the VPN connection.

Another really simple option you could use is simply create a DNS record in your public zone that has the private IP address you want to use. Almost no DNS servers do any kind of filtering on the record values. So you can publish the private records.

If your clients are all Windows another option you could do is setup a rule in the name resolution policy table. This is a Windows 7+ feature, that permits you to set different DNS servers per domain. Using a command like below dould make any request for the *.example.org records be redirected to the defined name servers. But all other domains would continue to be resolved by whatever the client had configured.

# add rule via Powershell
$Rule = @{
    'Namespace'   = '.example.org'
    'Comment'     = 'example domain'
    'NameServers' = ('10.8.0.1', '10.8.0.2')
}
Add-DnsClientNrptRule @Rule