
When I'm connecting to the VPN at work, I frequently run into problems with sites blocked by OpenDNS, and also being limited to the DNS entries on their DNS server.

I'm wondering if there is a way to have domain-name resolution go to one server, and if that name lookup fails, to have it try another. Solving this problem would basically let you use the union of DNS entries from multiple servers.

Caveat: It seems like a prioritized list of DNS servers in /etc/resolv.conf will not fall through to subsequent entries if the name lookup fails; it will only do so if the primary DNS server is actually down.

Neil

2 Answers


You can't really use a union as far as I'm aware (although a custom resolver to do that wouldn't be impossible), but what you can do easily enough is run a local resolver that forwards requests for a certain set of domains to the authoritative nameservers. I use dnscache for this, myself, and it's near-trivial, but BIND can be easily configured to do the same thing.

This doesn't work so well if you've got a large number of domains that are being blocked, but for the usual VPN case (of a few domains that are "internal only") this method works really well.

womble
  • Yeah this would work pretty well for me. I've only got the internal company domain name to look up. – Neil Aug 14 '09 at 00:06
  • Post another question if you need specific config snippets for either BIND or dnscache; I've got them both to hand. – womble Aug 14 '09 at 00:28
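The split-forwarding setup described in this answer, as an added example that is not part of the original post or womble's own config. It emits a BIND named.conf fragment with one `forward only` zone per internal domain, and writes the equivalent per-domain file layout for dnscache (`root/servers/@` for the default upstream, `root/servers/<domain>` for each internal domain). The domain names and server addresses are constructed placeholders, not values from the page. A local forwarder is needed precisely because of the caveat in the question: the stock /etc/resolv.conf list only moves to the next `nameserver` on timeout, never on a negative (NXDOMAIN) answer.

```shell
#!/bin/sh
# Added example (not from the original answer). Generates a split-forwarding
# resolver configuration for BIND and the matching dnscache (djbdns) file
# layout. All domain names and addresses below are constructed placeholders.

# Internal domains that only the corporate DNS server (reached over the VPN)
# can resolve; every other name goes to the resolver's normal upstream.
INTERNAL_DOMAINS="corp.example.internal lab.example.internal"
CORP_DNS="10.0.0.53"          # assumed VPN-side nameserver (placeholder)
PUBLIC_DNS="9.9.9.9"          # assumed upstream for everything else (placeholder)

# BIND: one "type forward" zone per internal domain sends those queries to
# the corporate server; the global forwarders handle the rest. "forward only"
# means BIND does not fall back to its own recursion when the forwarder
# answers NXDOMAIN, so internal and external namespaces stay cleanly split.
bind_config() {
    printf 'options {\n    forwarders { %s; };\n    forward only;\n};\n\n' "$PUBLIC_DNS"
    for d in $INTERNAL_DOMAINS; do
        printf 'zone "%s" {\n    type forward;\n    forward only;\n    forwarders { %s; };\n};\n\n' \
            "$d" "$CORP_DNS"
    done
}

# dnscache: the same split is expressed as files under root/servers/.
# root/servers/@ lists the default upstream; root/servers/<domain> lists the
# servers to use for that domain and everything beneath it.
# $1 is the dnscache service directory to populate.
dnscache_layout() {
    dir="$1/root/servers"
    mkdir -p "$dir"
    printf '%s\n' "$PUBLIC_DNS" > "$dir/@"
    for d in $INTERNAL_DOMAINS; do
        printf '%s\n' "$CORP_DNS" > "$dir/$d"
    done
    # Report how many server files were written (default + one per domain).
    ls "$dir" | grep -c .
}

# Sanity check on the generated BIND fragment: every internal domain must
# have its own forward zone. Prints the number of forward zones, returns
# non-zero if a domain is missing.
check_bind_config() {
    cfg=$(bind_config)
    for d in $INTERNAL_DOMAINS; do
        echo "$cfg" | grep -q "zone \"$d\"" || return 1
    done
    echo "$cfg" | grep -c 'type forward'
}

# Stand-alone usage: print the BIND fragment so it can be reviewed or
# appended to named.conf (then verified with named-checkconf).
bind_config
```

Only the listed internal domains ever reach the corporate server; a query for any other name never leaves the public path, which is what keeps the work resolver's filtering from applying to everything else.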

Wouldn't split tunneling effectively take care of this?