Here's the scenario: Network 1 has its own DNS server, and does a great job of resolving local network names; it's also set as a caching server, so it will resolve names out on the general internet. So far so simple. In addition to that, I can establish a VPN link using openvpn to a remote network, which also has its own DNS server, which I can use if I change my resolv.conf (by whatever means) accordingly.

I envisaged adding another nameserver line to resolv.conf would solve the problem, thinking that once it got an NXDOMAIN from the local DNS server, it might move on to the DNS at the end of the VPN and resolve the name accordingly, but alas, it does not.

So, is there a way I can set things up so that names in both networks can be resolved?

GeoSword

1 Answer

Not gracefully, no. There is no reason to move on to server #2 on receipt of NXDOMAIN because the query was successful from a protocol standpoint.

What you're looking to do here is split your queries between servers based on destination domains, which means you would need to run nameserver software of some sort on the machine joining the VPN. One nameserver IP would act as the default forwarder, and you would define forwarders for specific domains that should be sent to the other nameserver.

/etc/resolv.conf would contain nameserver 127.0.0.1 instead of the usual servers.

In short, this is almost certainly too complicated a solution for a workstation, let alone multiple workstations. It would work in certain scenarios where you have a server that semi-permanently lives on a VPN, but is otherwise too much of a kludge. (You have forwarders pointing at an unreachable IP whenever you're off the VPN.)

Andrew B
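
The behaviour described in the answer above, as an added example that is not part of the original answer or of any nameserver's code: a simplified Python model of why a second nameserver line is not consulted after NXDOMAIN, and of per-domain forwarding, including the failure when the VPN is down. The domain names, addresses and function names are constructed for illustration.

```python
# Constructed model: each upstream is a dict of name -> address; None = unreachable.
NXDOMAIN, TIMEOUT = "NXDOMAIN", "TIMEOUT"

LOCAL_DNS = {"printer.lan.example": "192.168.1.20", "www.example.org": "203.0.113.10"}
VPN_DNS = {"wiki.corp.example": "10.8.0.15"}


def query(server, name):
    """One query to one upstream: an address, NXDOMAIN, or TIMEOUT if unreachable."""
    if server is None:
        return TIMEOUT
    return server.get(name, NXDOMAIN)


def stub_resolve(servers, name):
    """resolv.conf-style list: try the next nameserver only when one gives no
    answer. NXDOMAIN is a valid answer, so it ends the search."""
    for server in servers:
        result = query(server, name)
        if result != TIMEOUT:
            return result
    return TIMEOUT


def pick_forwarder(rules, default, name):
    """Pick the upstream for the longest matching domain suffix, on label boundaries."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # longest suffix first
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return default


def split_resolve(rules, default, name):
    """Local forwarder on 127.0.0.1: each name is sent to exactly one upstream."""
    return query(pick_forwarder(rules, default, name), name)
```

Because every name is routed to a single upstream, names under the VPN domain are never sent to the local server, and they fail outright rather than falling back when the VPN forwarder is unreachable.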