[Gllug] DNS & VPN

Russell Howe rhowe at siksai.co.uk
Fri Jun 22 08:14:23 UTC 2007


On Thu, Jun 21, 2007 at 12:03:59AM +0100, Andy McGarty wrote:
> 
> > As I keep on saying: The VPN (and routing, etc) all works. The question  
> > is how to name 192.168.0.254.
> >
> When you issue the ip address (with DHCP I'm guessing) can you not also  
> give an extra DNS server (on 192.168.0.254 or one of your other linux  
> boxes).  Then when the user's main DNS fails to pick up the address it  
> does to your one and resolves.  Will be a little slower as it waits for  
> the other DNS to fail but it will at least work.

I don't think it will... the first DNS server (or perhaps one at random,
depending on the resolver's behaviour) will be tried, return NXDOMAIN or
something equally negative (or perhaps a positive, yet incorrect,
response) and the client's name lookup will fail (and may well be cached
as having failed too).

What the OP is looking for is, I think, commonly called "split horizon
DNS". Some commercial IPsec clients might do it, commercial routers tend
to do it, and perhaps OpenVPN's client can do it. I've never used
OpenVPN, but it sounds like the kind of thing that it may well do.

> Failing that, can you give your users a hosts file which includes the name  
> and IP address?  Not great if you have thousands of them.

... and if you want to change something, you need to update all clients
unless you have a way of distributing the file out regularly (scheduled
download from an HTTPS server, perhaps?)

-- 
Russell Howe       | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
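The resolver behaviour Russell describes (an NXDOMAIN from the first server is a final answer, so listing an extra DNS server does not give failover by name) and the split-horizon alternative, as an added model that is not part of the original post. The two upstream servers are plain dictionaries standing in for real DNS servers; the only address taken from the thread is 192.168.0.254, the hostnames and the public address are constructed, and the per-zone forwarding rule mirrors the shape of dnsmasq's `server=/zone/address` option without being its implementation.

```python
"""Constructed model of stub-resolver fallback versus split-horizon
forwarding.  Not code from the list post; real resolvers speak DNS over
UDP/TCP, this only reproduces the decision logic."""
from typing import Optional

# Constructed sample data: what each server would answer for a name.
PUBLIC_DNS = {"www.example.com": "93.184.216.34"}           # ISP / public resolver
INTERNAL_DNS = {"fileserver.vpn.example": "192.168.0.254"}  # only reachable over the VPN

NXDOMAIN = "NXDOMAIN"   # authoritative "no such name" answer
TIMEOUT = "TIMEOUT"     # server did not answer at all (modelled as server=None)


def query(server: Optional[dict], name: str) -> str:
    """Return an address, NXDOMAIN for a negative answer, or TIMEOUT when
    the server is unreachable."""
    if server is None:
        return TIMEOUT
    return server.get(name, NXDOMAIN)


def stub_resolver(name: str, servers: list) -> Optional[str]:
    """Typical stub-resolver behaviour (several `nameserver` lines): the
    servers are tried in order, but only a timeout (or a server error)
    moves on to the next one.  An NXDOMAIN from the first server is
    accepted as the final answer, so the lookup fails right there and the
    negative result may also be cached."""
    for server in servers:
        answer = query(server, name)
        if answer == TIMEOUT:
            continue            # try the next server
        if answer == NXDOMAIN:
            return None         # negative answer is final: no fallback
        return answer
    return None                 # every server timed out


def _lookup(server: Optional[dict], name: str) -> Optional[str]:
    answer = query(server, name)
    return None if answer in (NXDOMAIN, TIMEOUT) else answer


def split_horizon_resolver(name: str, default: dict, zones: dict) -> Optional[str]:
    """Split-horizon forwarding: names under a listed zone are sent only to
    that zone's server (the one behind the VPN); everything else goes to
    the default public server.  The public server is never asked about the
    internal zone, so its NXDOMAIN cannot poison the lookup."""
    for zone, server in zones.items():
        if name == zone or name.endswith("." + zone):
            return _lookup(server, name)
    return _lookup(default, name)


if __name__ == "__main__":
    # Extra DNS server listed second: internal name still fails.
    print(stub_resolver("fileserver.vpn.example", [PUBLIC_DNS, INTERNAL_DNS]))  # None
    # Split horizon: the internal zone is forwarded to 192.168.0.254's server.
    print(split_horizon_resolver("fileserver.vpn.example", PUBLIC_DNS,
                                 {"vpn.example": INTERNAL_DNS}))  # 192.168.0.254
```

The second fallback only helps when the first server is silent: `stub_resolver(..., [None, INTERNAL_DNS])` does resolve the internal name, which is the slow "wait for the other DNS to fail" case, whereas a reachable public server answering NXDOMAIN ends the lookup immediately.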