
I'm trying to use Google Cloud Platform's Cloud DNS to resolve internal IPs of Compute Engine instances by DNS from my local machine. I was able to set up an OpenVPN server on an instance by following this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

My VPN configuration successfully connects to the OpenVPN server and allows me to ping internal IPs of my GCE instances. The instance hosting my OpenVPN server is able to resolve and ping Cloud DNS entries, but my local client machine is unable to do the same.

Here's the content of my /etc/resolv.conf file after connecting to the VPN server.

search openvpn
nameserver 169.254.169.254

What additional configuration do I need to do to allow my local machine to resolve Cloud DNS addresses?

1 Answer


In Compute Engine, DNS resolution is performed against the metadata server, which always has the IP 169.254.169.254. The issue arises from the fact that this IP is link-local and non-routable, so it will not work over VPN/IPsec.

There are a few solutions/workarounds for it:

  1. You could map all internal GCE instance IPs in the hosts files of the servers in your private network; the drawback is that the process is manual and time-consuming, depending on how many instances you have.

  2. The second option would be an internal GCE server (internal resolver) running a DNS server that can cross networks. More information on this is available in this documentation.

Md Zubayer
  • I was able to add this line `push "dhcp-option DNS 10.0.0.1"` to my OpenVPN server.conf file as the first DNS resolution. 10.0.0.1 is the gateway for my VPC on GCP. After I did this and addressed this issue https://github.com/Tunnelblick/Tunnelblick/issues/401, I was able to resolve internal addresses defined in the A records of Cloud DNS while connected to the VPN – blueether Jul 25 '20 at 07:36
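The following is an added example, not code from the question, the answer or the linked guide. It combines the answer's second workaround (an internal resolver that VPN clients can reach) with the comment's `push "dhcp-option DNS ..."` idea: instead of pushing the VPC gateway, it runs a small dnsmasq forwarder on the OpenVPN instance itself, which, unlike the VPN clients, can reach the link-local metadata resolver 169.254.169.254, and pushes the forwarder's VPN-side address to clients. It also shows how to detect the problem from a client's resolv.conf. Assumptions (not in the thread): the OpenVPN server's tun address is 10.8.0.1 (the default from the DigitalOcean guide), dnsmasq is the forwarder, and the project's internal zone is c.my-project.internal (GCE internal names have the form INSTANCE.c.PROJECT-ID.internal; replace the project id with your own).

```shell
#!/bin/sh
# Added example for this thread, not the question's, the answer's or the guide's code.
# Assumed values: tun IP 10.8.0.1, search domain c.my-project.internal.
set -e

# Returns 0 if $1 is link-local (169.254.0.0/16). Such an address is only reachable
# on the VM's own link and is never routed across a VPN/IPsec tunnel, which is why
# the client's resolv.conf from the question cannot work.
is_link_local() {
  case "$1" in
    169.254.*) return 0 ;;
    *)         return 1 ;;
  esac
}

# Prints every "nameserver" entry in the resolv.conf at $1 that a VPN client
# cannot reach. Empty output means all of the client's resolvers are routable.
unreachable_nameservers() {
  awk '$1 == "nameserver" { print $2 }' "$1" | while read -r ns; do
    if is_link_local "$ns"; then
      echo "$ns"
    fi
  done
}

# dnsmasq forwarder config; $1 = the address to listen on (the server's tun IP).
# All queries are forwarded to the metadata resolver. Listening only on the tun
# address and refusing queries from non-local subnets keeps the instance from
# becoming an open resolver on its external address.
render_dnsmasq_conf() {
  cat <<EOF
no-resolv
server=169.254.169.254
listen-address=$1
bind-interfaces
local-service
EOF
}

# Lines to add to the OpenVPN server.conf; $1 = DNS server to push (the tun IP),
# $2 = search domain so short instance names resolve on the client.
render_openvpn_push() {
  cat <<EOF
push "dhcp-option DNS $1"
push "dhcp-option DOMAIN $2"
EOF
}

# Demo on a constructed resolv.conf matching the one in the question.
demo() {
  tmp=$(mktemp)
  printf 'search openvpn\nnameserver 169.254.169.254\n' > "$tmp"
  echo "Resolvers the VPN client cannot reach:"
  unreachable_nameservers "$tmp"
  rm -f "$tmp"
  echo "--- /etc/dnsmasq.d/openvpn-gce.conf"
  render_dnsmasq_conf 10.8.0.1
  echo "--- add to /etc/openvpn/server.conf"
  render_openvpn_push 10.8.0.1 c.my-project.internal
}

demo
```

Two caveats when deploying this: tun0 only exists while OpenVPN is running, so with `bind-interfaces` dnsmasq must start after the OpenVPN unit (or use dnsmasq's `bind-dynamic` instead), and on Linux clients OpenVPN applies pushed `dhcp-option` values only through an up/down script such as update-resolv-conf, so the client config needs that script (or an equivalent resolver hook) for the pushed resolver to land in resolv.conf.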