Local DNS in two mutually exclusive subnets?

1

My computer is on a local subnet where I work. Some local DNS are set up on the subnet as *.workdomain.
I also have a VPN (openvpn), with a personal DNS server, as *.persodomain.
.workdomain and .persodomain cannot conflict with any DNS over the Internet.

The problem is: I would like to have both zones working on my local Linux computer.

Is there a way to tell my computer "for *.persodomain, ask ns.persodomain, and for anything else ask ns.workdomain"?
Currently, it asks the first NS of /etc/resolv.conf, and if it's the wrong domain, it stops as it receives the answer that the requested name does not exist.

Is there a solution other than installing a local DNS server on all my computers connected to both these networks? I am looking for a way for my Linux computers first, but I have Windows-running computers as well.

Levans

Posted 2013-11-20T10:01:58.233

Reputation: 2 010

The computer is at work, your persodomain is private and you open a VPN from your workplace to your home network? – Werner Henze – 2013-11-20T10:20:06.053

That's it. Exactly. – Levans – 2013-11-20T10:27:31.383

Answers

1

A local DNS daemon like dnsmasq can be configured in two ways. Normally, you would configure it to provide your personal domain, and look up other domains via the office DNS servers. It does have an option which specifies the server for various domains, so you could set it up to use your ISP for most lookups and contact specified servers for each of your two local domains.

bind can be configured similarly. You would need to define the appropriate zones and specify the appropriate servers to forward the request to.

I would configure dnsmasq as your DNS server for your Linux server, and configure your office server like this:

server=/office.example.com/2.0.192.in-addr.arpa/192.0.2.4

The corresponding bind zone would look like:

zone "office.example.com" {
    type static-stub;
    server-addresses {
         192.0.2.4;
    };
};

Your resolv.conf configuration would specify your dnsmasq or bind server as its first nameserver.

BillThor

Posted 2013-11-20T10:01:58.233

Reputation: 9 384
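Added example, not code from the answer above: a small Python model of how dnsmasq chooses an upstream from its `server=` lines, so a split like the one described here can be checked on paper before it is deployed. It implements dnsmasq's documented rule that the longest matching domain suffix wins and that a bare `server=ADDR` is the fallback for everything else. The addresses are constructed for the example: 10.8.0.1 stands in for the nameserver reachable over the VPN, 192.0.2.4 is the office server address used in the answer, and 192.0.2.53 is an assumed catch-all upstream.

```python
import ipaddress

# Constructed dnsmasq configuration, using the same server= syntax the answer shows.
# Addresses are example values: 10.8.0.1 stands for the nameserver reachable over the
# VPN, 192.0.2.4 is the office server address from the answer, 192.0.2.53 the fallback.
DNSMASQ_CONF = """
# personal zone, only reachable through the VPN
server=/persodomain/10.8.0.1
# office zone and its reverse zone, same form as the answer above
server=/office.example.com/2.0.192.in-addr.arpa/192.0.2.4
# everything else
server=192.0.2.53
"""


def parse_server_lines(conf):
    """Return a list of (domain, upstream) pairs from the server= lines.

    domain is '' for a catch-all server= line with no domain.  A line such as
    server=/a.example/b.example/1.2.3.4 attaches both domains to the same
    upstream, which is how dnsmasq reads it.
    """
    rules = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            fields = value.split("/")[1:]   # drop the empty field before the first '/'
            upstream = fields[-1]
            for domain in fields[:-1]:
                rules.append((domain.lower().strip("."), upstream))
        else:
            rules.append(("", value))
    return rules


def upstream_for(name, rules):
    """Return the upstream dnsmasq would forward `name` to.

    The most specific (longest) matching domain wins; a match must be aligned on a
    label boundary, so 'notpersodomain' is not inside 'persodomain'.  The catch-all
    rule is used only when no domain rule matches.
    """
    name = name.lower().strip(".")
    best_len, best = -2, None
    for domain, upstream in rules:
        if domain == "":
            length = -1                     # catch-all loses to any real match
        elif name == domain or name.endswith("." + domain):
            length = len(domain)
        else:
            continue
        if length > best_len:
            best_len, best = length, upstream
    return best


def reverse_name(ip):
    """Name a resolver queries for a PTR lookup of `ip` (IPv4 or IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer


RULES = parse_server_lines(DNSMASQ_CONF)

if __name__ == "__main__":
    for q in ("ns.persodomain", "www.office.example.com", "example.org",
              "notpersodomain", reverse_name("192.0.2.4")):
        print(f"{q:32} -> {upstream_for(q, RULES)}")
```

For the asker's setup the same syntax would be `server=/persodomain/<VPN nameserver>` plus a catch-all `server=<work nameserver>`, with `nameserver 127.0.0.1` as the first entry in resolv.conf. Because the forwarder then answers for the private zone, it is worth restricting it to the loopback interface (dnsmasq's `listen-address=127.0.0.1`) so it does not also serve queries arriving from the office subnet.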

1

You can't tell your DNS client to contact different nameservers depending on the domain. But DNS servers can contact different DNS servers depending on the domain name (Forward Zones).

Ideally you should configure both DNS servers to know each other. In your case I guess you can't, because you do not have access to the work DNS server. But you could still set up a Forward Zone on your personal DNS server and use only the personal DNS server. But this has the disadvantage that you always need to go over your VPN to do a DNS lookup.

Another solution might be setting up your own DNS server at work which only forwards to both DNS servers!?

Werner Henze

Posted 2013-11-20T10:01:58.233

Reputation: 4 214

The problem here is that my personal DNS cannot talk to the work DNS, except maybe if I forward DNS queries through my VPN... Guess I'll take a look at that. – Levans – 2013-11-20T11:06:05.757

0

Are you really interested in having distinct sets of DNSs, or are you just asking how to set up multiple search domains?

The former cannot be easily done, the latter can: insert this line (as sudo) in your file /etc/resolv.conf

    search persdomain.com workdomain.com

or whatever they are called. In this case, PC names are searched first on your personal domain, then on your work domain.

If instead you are really bent on using multiple sets of DNS servers, you will have to set up a Linux Container (LXC). This will allow you to have completely separate communications on your personal PC. But this requires a tad more work.

MariusMatutiae

Posted 2013-11-20T10:01:58.233

Reputation: 41 321