LAN and VPN nameservers in harmony

22 Mar 2006 • 2 min read

OK, say you have a DHCP connection to the LAN which supplies generic name servers (i.e. the internet). Now you want to create a VPN connection to your home LAN and use its nameservers so you can ping the right machines at home. At the moment, you can't. openvpn in portage currently has no ability to even create /etc/resolv.conf.

Well, it has now. Well, it will when I upload it (don't ask when as it depends on other stuff being done first). More importantly, it also supports the upcoming resolvconf I blogged about earlier.

This is all well and good, but libc won't work like we want - if we want a VPN name and the first server that responds isn't on the VPN then libc won't even try the other servers. In fact, all DNS servers/caches/whatever work like this so it's not a new limitation.

But there is a workaround - dnsmasq can forward queries to a specific nameserver for a specific domain. So we inform dnsmasq of this using a resolvconf plugin, like so:

If an interface resolv.conf file contains the "domain" directive, then forward requests for that domain to the specified nameservers only. Otherwise, treat it as a generic nameserver.

Of course, this requires a little change to the DHCP clients (dhcpcd, udhcpc, pump and dhclient) to only fill out the search part.

EDIT: bind can do this too, as such I've written a bind plugin that works in the same way. The setup is a little more complex, but doable.
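The forwarding rule described above, as an added example (not the plugin from this post): a POSIX shell function that turns one interface's resolv.conf into dnsmasq `server=` lines. The function names, the sample addresses and the `home.example` domain are constructed, and refusing values with unexpected characters is an assumption added here because they arrive from a DHCP server or VPN peer.

```sh
#!/bin/sh
# Added example: map one interface's resolv.conf (stdin) to dnsmasq config.
#   "domain" present -> server=/<domain>/<ns>  (only that domain goes to <ns>)
#   no "domain"      -> server=<ns>            (generic upstream)
# Returns 1 and prints nothing if a value is not a plain hostname/IP literal.
to_dnsmasq() {
    domain=
    servers=
    # "|| [ -n "$key" ]" keeps a final line that lacks a trailing newline.
    while read -r key value _rest || [ -n "$key" ]; do
        case "$key" in
            domain|nameserver) ;;
            *) continue ;;          # search, options, comments, blank lines
        esac
        # Values are supplied by the network: keep '/', spaces and other
        # separators out of the generated config.
        case "$value" in
            ''|*[!A-Za-z0-9.:-]*) return 1 ;;
        esac
        if [ "$key" = domain ]; then
            domain=$value
        else
            servers="$servers $value"
        fi
    done
    for ns in $servers; do
        if [ -n "$domain" ]; then
            printf 'server=/%s/%s\n' "$domain" "$ns"
        else
            printf 'server=%s\n' "$ns"
        fi
    done
}

# Constructed sample input: the DHCP client fills in only "search",
# the VPN registers a "domain" for the home network.
lan_conf='search example.org
nameserver 192.0.2.1
nameserver 192.0.2.2'
vpn_conf='domain home.example
nameserver 10.8.0.1'

gen_all() {
    printf '%s\n' "$lan_conf" | to_dnsmasq
    printf '%s\n' "$vpn_conf" | to_dnsmasq
}
gen_all
```

With this split, names under the VPN's domain are only ever sent to the VPN nameserver, and everything else goes to the LAN's servers.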