Unbound with split VPN and local domain
Paul Wouters
paul at nohats.ca
Mon Apr 15 10:40:24 UTC 2019
>> Am 14.04.19 um 12:43 schrieb Herbert Meier via Unbound-users:
>>> Dear experts,
>>>
>>> I would like to configure unbound for my setup but I am totally lost with
>>> the terminology and the settings. Here is my setup:
>>>
>>> * I have a split VPN client running that forwards certain subnets to
>>> the VPN server and forwards *all* DNS requests to the VPN server side
>>> (I guess all subdomains of myvpn.org should be
>>> answered by the DNS on the VPN server side)
>>> * I have a local router with domain "lan"
>>> * I would like to use my ISP's DNS but do caching myself (not sure if
>>> the router does it)
>>>
>>> How could I make all this work, i.e.,
>>>
>>> * Forward all DNS requests for *.myvpn.org through
>>> VPN
Depending on the vpn software, you can redirect DNS automatically if
running unbound locally. E.g. libreswan will automatically run
unbound-control to forward the DNS zone(s) obtained from the IKE/IPsec
VPN server, clear cache and do the reverse on disconnect.
I used to have a patch to openvpn to do the same,
but these depend on running unbound on the device that starts the vpn
too.
>>> * Query the router for requests for *.lan
That could be a permanent override as people explained already. You add
it to the unbound config.
>>> * And use my ISP's DNS (via the router 192.168.178.1) for all other
>>> queries?
That can be a simple: unbound-control forward_add "." IpOfISPNameserver
or you can add it statically in the unbound.conf file.
Paul
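
The three forwards discussed in this message, written as a hook script around unbound-control. This is an added example, not part of the original message and not libreswan's own code. The function names, the environment variables and the way the VPN resolver address reaches the script are assumptions; the zone names and the router address are the ones from the thread.

```shell
#!/bin/sh
# Added example: split-DNS forwards for a local unbound via unbound-control.
# Hypothetical names: UC, ROUTER, VPN_ZONE and all function names below.
UC="${UNBOUND_CONTROL:-unbound-control}"
ROUTER="${ROUTER_DNS:-192.168.178.1}"      # router address from the thread
VPN_ZONE="${VPN_ZONE:-myvpn.org.}"         # VPN-side zone from the thread

# Accept only characters that can occur in an IPv4/IPv6 address, so the
# value handed over by the VPN hook is a single plain address and nothing else.
valid_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Permanent part: "lan." and all other names go to the router.
# +i also marks "lan." domain-insecure: the name does not exist in the signed
# root, so a validating unbound would otherwise reject the router's answers.
base_setup() {
    $UC forward_add +i lan. "$ROUTER" &&
    $UC forward_add . "$ROUTER"
}

# VPN connected: forward the VPN zone to the VPN-side resolver and drop
# whatever was cached for it from the public view.
vpn_up() {
    valid_addr "$1" || { echo "bad resolver address: $1" >&2; return 2; }
    $UC forward_add "$VPN_ZONE" "$1" &&
    $UC flush_zone "$VPN_ZONE" &&
    $UC flush_requestlist
}

# VPN disconnected: remove the forward and flush the internal answers.
vpn_down() {
    $UC forward_remove "$VPN_ZONE" &&
    $UC flush_zone "$VPN_ZONE" &&
    $UC flush_requestlist
}

case "${1:-}" in
    base) base_setup ;;
    up)   vpn_up "${2:-}" ;;
    down) vpn_down ;;
esac
```

Running it with UNBOUND_CONTROL=echo prints the unbound-control arguments instead of applying them.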