Consider the following scenario:
I am connected to a local area network with its own private DNS server (call it lan-dns). This DNS server is used to resolve the names of some private hosts on the LAN. Any other DNS requests are forwarded to a DNS server on the Internet.

I want to connect to another remote LAN via a VPN. The remote LAN also has a private DNS server (named vpn-dns for argument's sake) which is needed to resolve the names of the private hosts on the remote network.

When not connected to the VPN I will be able to access the hosts on my LAN by their names. However, when I am connected to the VPN then, since the DNS of the remote network overrides that on my local network, I will not be able to access the hosts on my local network.
Whilst connected to the VPN, if I force my DNS server back to lan-dns then I won't be able to resolve the names of hosts on the remote network.
What is the simplest way to resolve this problem? Is it even possible?
This scenario must be becoming more and more common, yet there doesn't seem to be an elegant solution that I can find.
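The mechanism the question is asking for is usually called split-horizon (or split) DNS: a local resolver that picks the upstream server per domain suffix instead of sending everything to whichever server the VPN pushed last. The following is an added example, not part of the original post or of any of the tools mentioned in it. The domain names (lan.example, vpn.example) and resolver addresses (192.168.1.53 for lan-dns, 10.8.0.1 for vpn-dns, 9.9.9.9 as the public fallback) are assumptions chosen for illustration. It parses the question name out of a raw DNS query, applies a longest-suffix-wins routing rule, and also emits the equivalent dnsmasq server=/domain/address lines, which is the usual way to deploy this on Linux without maintaining a hosts file on every client.

```python
import socket
import struct

# Constructed for this example: which resolver answers which suffix.
# Addresses and domain names are assumptions, not taken from the question.
UPSTREAMS = {
    "lan.example": "192.168.1.53",  # lan-dns, the local LAN resolver
    "vpn.example": "10.8.0.1",      # vpn-dns, reachable only over the tunnel
}
DEFAULT_UPSTREAM = "9.9.9.9"        # public resolver for everything else (assumed)


def parse_qname(packet: bytes) -> str:
    """Return the first question name of a DNS query in RFC 1035 wire format."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("query carries no question section")
    labels = []
    pos = 12
    while True:
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers never appear in a well-formed question name.
            raise ValueError("compression pointer in question name")
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    return ".".join(labels)


def select_upstream(qname: str, rules=UPSTREAMS, default=DEFAULT_UPSTREAM) -> str:
    """Split-horizon decision: the longest configured suffix matching qname wins;
    names matching no suffix go to the default (public) resolver."""
    qname = qname.rstrip(".").lower()
    best = None
    for suffix, server in rules.items():
        suffix = suffix.rstrip(".").lower()
        if qname == suffix or qname.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, server)
    return best[1] if best else default


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal recursive A query so the parser can be exercised offline."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def dnsmasq_config(rules=UPSTREAMS, default=DEFAULT_UPSTREAM) -> list:
    """Equivalent dnsmasq directives: server=/suffix/address routes one suffix,
    a bare server= line is the catch-all upstream."""
    lines = ["server=/%s/%s" % (suffix, server) for suffix, server in sorted(rules.items())]
    lines.append("server=%s" % default)
    return lines


def forward(packet: bytes, rules=UPSTREAMS, default=DEFAULT_UPSTREAM, timeout=2.0) -> bytes:
    """Send a raw query to the upstream chosen for its name and return the reply.
    This is the only function that touches the network; it is not run offline."""
    server = select_upstream(parse_qname(packet), rules, default)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        return sock.recv(4096)


if __name__ == "__main__":
    for name in ("fileserver.lan.example", "git.vpn.example", "www.example.com"):
        print(name, "->", select_upstream(parse_qname(build_query(name))))
    print("\n".join(dnsmasq_config()))
```

The caveat that matters in practice: an OpenVPN client that accepts a pushed DNS option typically replaces the system resolver list, so the split has to live in a local forwarder (dnsmasq, or the OS's per-interface domain routing where it exists) that the VPN does not overwrite, and the vpn-dns address must only be used for names under the remote suffix, otherwise local names leak to the remote resolver while the tunnel is up.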
It depends on what the server admin allows you to do... vpn would not be as secure if it allowed clients to talk to people not in the vpn club with them – Canadian Luke – 2013-05-01T15:03:35.067
What OS are you running? Does the machine you're using as a VPN client travel with you, or is it always on the LAN where lan-dns acts as a resolver? – Aaron Miller – 2013-05-01T15:09:42.017
@AaronMiller - the OS could be Windows or Linux. For the moment, it's safe to assume that the VPN client machine will always be attached to the local network; would it make a difference if it wasn't? – FixMaker – 2013-05-01T15:14:50.867
How you would go about doing this depends on how the VPN connection is made. What type of connection is the VPN using? Why don't you just use a hosts file for this? – Ramhound – 2013-05-01T15:18:18.737
@Ramhound - The connection is made via OpenVPN. I can't use a static hosts file as there will actually be multiple VPN clients and I don't want to have to maintain a file on each individual client. – FixMaker – 2013-05-01T15:21:16.077
@Lorax - It should be possible to simply configure the network connection always use the VPN DNS server. The fact the Nameserver would be invalid wouldn't matter provided the domains selected, are not valid domain extensions, for example "dog.puppy" cannot be a valid domain unless a DNS server says it is. – Ramhound – 2013-05-01T15:30:00.843
What are the domains involved? It may be possible to solve this with zone delegation or zone transfers. – Nevin Williams – 2013-05-01T18:01:09.637