OpenVPN and DNS



  • So I have OpenVPN set up and working for me and some colleagues to be able to do some work from. I have it so that it routes any 10.0.0.0/8 traffic via the VPN but all else stays local, and it works great.

    However, one thing it does is it sets the DNS servers to those at work, but I don't want it to do this for a variety of reasons. I'd like it to use the local DNS settings as the primary, then the work ones as secondary, so that if it can't resolve something it would then query the work ones. So something like google.com would get resolved locally, but someserver.my.domain would get pushed out to the remote DNS server for resolution.

    Is this even possible? If so, how do I do it on the server side?

    Thanks in advance for the help!



  • That's not how DNS works. If the first ones in the list can't resolve something, it fails. It will never try the secondary ones. Secondary DNS is only attempted if the first DNS server is not available. It's not a "try this one then try this one" kind of thing.



  • The reason for this is that if you look up something and the first DNS system says it doesn't exist, it does not say "I don't know about this"; instead it says "this does not exist." It's a firm "you are looking for something that isn't out there", so the system has its answer, no need to look further.



  • @scottalanmiller - So the native L2TP client in OS X, when connecting to a VPN server on an OS X server machine definitely does something with DNS so that it behaves the way I described. No idea how it did it though.

    Do you know if you can configure OpenVPN to work as a DNS relay (local relayed to remote)?



  • @jrc said in OpenVPN and DNS:

    Do you know if you can configure OpenVPN to work as a DNS relay (local relayed to remote)?

    What would be the local component, in that case?
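The two behaviours discussed in this thread, modelled as an added example (not code from the original posts, and not an OpenVPN configuration): a conventional stub resolver walks its server list only when a server does not answer at all, so an NXDOMAIN from the first server is final, whereas a conditional forwarder (the "DNS relay" idea) picks the upstream by domain suffix before asking anyone. The server names, records and addresses below are constructed for the demonstration (the 192.0.2.0/24 and 198.51.100.0/24 addresses are documentation ranges, and 10.0.0.53 is an assumed work resolver).

```python
"""Model of resolver semantics: list fallover vs. split-horizon forwarding."""
from dataclasses import dataclass, field

NXDOMAIN = "NXDOMAIN"   # authoritative "name does not exist" answer
TIMEOUT = "TIMEOUT"     # server did not answer at all


@dataclass
class FakeServer:
    """A constructed DNS server with a fixed set of A records."""
    name: str
    records: dict
    reachable: bool = True
    queries: list = field(default_factory=list)

    def query(self, qname: str) -> str:
        self.queries.append(qname)
        if not self.reachable:
            return TIMEOUT
        return self.records.get(qname.lower().rstrip("."), NXDOMAIN)


def stub_resolve(qname: str, servers: list) -> str:
    """How a resolv.conf-style server list behaves: move to the next server
    only on a timeout. Any real answer, including NXDOMAIN, ends the lookup."""
    for server in servers:
        answer = server.query(qname)
        if answer != TIMEOUT:
            return answer
    return TIMEOUT


def split_resolve(qname: str, default: FakeServer, per_domain: dict) -> str:
    """Conditional forwarding: choose the upstream by the longest matching
    domain suffix, and only then send the query. Names outside any listed
    suffix go to the default (local) resolver."""
    name = qname.lower().rstrip(".")
    # Longest suffix first so a more specific entry wins over a broader one.
    for suffix, server in sorted(per_domain.items(), key=lambda kv: -len(kv[0])):
        if name == suffix or name.endswith("." + suffix):
            return server.query(qname)
    return default.query(qname)


def make_servers():
    """Constructed sample servers: a local resolver that knows public names
    and a work resolver that knows the internal domain."""
    local = FakeServer("local", {"google.com": "192.0.2.10"})
    work = FakeServer("work", {
        "someserver.my.domain": "10.0.0.7",
        "google.com": "198.51.100.10",   # work's view of the same public name
    })
    return local, work


def demo():
    """Return the outcomes of both strategies for the names in the thread."""
    local, work = make_servers()
    # Strategy 1: local listed first, work second (what the poster asked for).
    stub_internal = stub_resolve("someserver.my.domain", [local, work])
    stub_public = stub_resolve("google.com", [local, work])
    stub_work_queried = work.queries.copy()

    local, work = make_servers()
    # Strategy 2: forward only *.my.domain to work, everything else locally.
    routes = {"my.domain": work}
    split_internal = split_resolve("someserver.my.domain", local, routes)
    split_public = split_resolve("google.com", local, routes)
    return {
        "stub_internal": stub_internal,        # NXDOMAIN: local answered, work never asked
        "stub_work_queried": stub_work_queried,  # [] in the stub case
        "stub_public": stub_public,
        "split_internal": split_internal,      # 10.0.0.7 via work
        "split_public": split_public,          # 192.0.2.10 via local
        "split_local_queries": local.queries,
        "split_work_queries": work.queries,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In practice the split_resolve behaviour is what a conditional forwarder such as dnsmasq provides with a `server=/my.domain/10.0.0.53` line on the client side; OpenVPN itself only pushes resolver settings (`push "dhcp-option DNS ..."` and `push "dhcp-option DOMAIN ..."`), and whether the client honours them as split DNS or replaces its whole resolver list depends on the client platform, which is the question left open above.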

