How to use dnsmasq for custom hostnames on OpenVPN?

2

1

I'm trying to set up dnsmasq so I can create custom hostnames over an OpenVPN server, so that when a machine connects, hostnames will point to resources located on the OpenVPN host or network.

So for example the /etc/hosts file on the server looks like the following:

db.private.resource 10.8.0.1
app.private.resource 10.8.0.1

Getting the client to use the tunnel for DNS lookup is pretty straightforward. In the server.conf file I have:

push "dhcp-option DNS 10.8.0.1"

And in the client config I have:

dhcp-option DNS 10.8.0.1

And I can verify that the client is using OpenVPN as its DNS when connected by running:

# dnsmasq --no-daemon -q

On the command line, and ping from the client to verify that the client is indeed sending DNS lookup requests to the OpenVPN server over the tunnel, and that the OpenVPN server is indeed handling the requests.

The problem is that when I try to ping the db.private.resource host that I defined, I get:

dnsmasq: query[A] db.private.resource from 10.8.0.2
dnsmasq: config db.private.resource is NXDOMAIN

From the output of dnsmasq. So for whatever reason it doesn't seem to be returning the values I defined in /etc/hosts. And what amazes me is that even when I run dnsmasq with an added address parameter, I still get the above result.

# dnsmasq --no-daemon -q --address=/db.private.resource/10.8.0.1/

dnsmasq: query[A] db.private.resource from 10.8.0.2
dnsmasq: config db.private.resource is NXDOMAIN

Is there anything that looks wrong from this result?

Benjamin Collins

Posted 2018-08-04T08:49:03.677

Reputation: 121

Answers

1

Server

On the server, add this line to /etc/dnsmasq.conf:

...
expand-hosts #Uses /etc/hosts on this machine for resolution
...

Then, edit the /etc/hosts file with your hostnames. Finally, run sudo /etc/init.d/dnsmasq restart.

If you don't want to edit /etc/hosts for some reason, you can create a new file at /etc/dnsmasq.conf.d/addresses.conf, and populate it with your addresses:

address=/umomma.com/69.69.69.69
address=/oo.umomma.com/69.69.69.60
address=/ooooo.umomma.com/69.69.69.62
address=/ooooooooo.umomma.com/69.69.69.65

With this second method, you'll also want to run sudo /etc/init.d/dnsmasq restart after.

Client

OpenVPN servers usually self-assign themselves the IP addresses 10.8.0.1 or 10.9.0.1. So, on the client, we'll want to make sure to query those nameservers first.

For now, at least, I edited /etc/resolv.conf on the client: I prepended nameserver 10.8.0.1 to the first line of the file. So, on the client, my full resolv.conf looks like this:

nameserver 10.8.0.1
nameserver 8.8.8.8
nameserver 8.8.8.8
nameserver 127.0.1.1

To make these changes last on reboot, make the same change at /etc/resolvconf/resolv.conf.d/head.

Also

Remember to run sudo /etc/init.d/dnsmasq restart when you add any hosts on the server.

nick carraway

Posted 2018-08-04T08:49:03.677

Reputation: 53
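
A format check for the two kinds of line this thread works with, added here as an example (it is not code from either poster or from dnsmasq): hosts(5) entries are written address first, then names, and an address= value has the shape /domain[/domain...]/ip. Treating a missing IP in address= as an error is an assumption that fits the goal of mapping a name to an IP, and the function names are made up for this example.

```python
import ipaddress

# Lines copied from the page: the hosts entries and --address value from the
# question, and one address= value from the answer.
QUESTION_HOSTS = "db.private.resource 10.8.0.1\napp.private.resource 10.8.0.1\n"
QUESTION_ADDRESS = "/db.private.resource/10.8.0.1/"
ANSWER_ADDRESS = "/umomma.com/69.69.69.69"


def is_ip(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def lint_hosts(text):
    """Return [(line_number, message)] for lines not shaped 'IP name [alias ...]'."""
    problems = []
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if not is_ip(fields[0]):
            problems.append((number, f"first field {fields[0]!r} is not an IP address"))
        elif len(fields) < 2:
            problems.append((number, "address without a hostname"))
        else:
            for name in fields[1:]:
                if is_ip(name):
                    problems.append((number, f"{name!r} appears where a hostname belongs"))
    return problems


def lint_address(value):
    """Return a message if value is not '/domain[/domain...]/ip', else None."""
    if not value.startswith("/"):
        return "value must start with '/'"
    *domains, address = value[1:].split("/")
    if not domains or "" in domains:
        return "empty domain field"
    if address == "":
        return "nothing after the last '/', so no IP is given"
    if not is_ip(address):
        return f"last field {address!r} is not an IP address"
    return None
```

Run over the lines on this page, `lint_hosts(QUESTION_HOSTS)` reports both entries, `lint_address(QUESTION_ADDRESS)` reports the trailing slash, and `lint_address(ANSWER_ADDRESS)` returns `None`.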