192.168.1.1/24 is my LAN at work.
192.168.88.1/24 is my LAN at home.
The two are connected together by a m0n0wall -> m0n0wall
IPSec VPN. The m0n0wall at work runs 1.11 and the
m0n0wall at home runs 1.2b3.
In the interest of having my office network
m0n0wall's internal DNS available to my LAN
at home, I have attempted to set my m0n0wall at
home's DNS server to 192.168.1.1 in:
System -> General Setup -> DNS Servers
In addition, as both locations connect to the
internet via PPPoE over ADSL, I have unchecked
"Allow DNS server list to be overridden by DHCP/PPP on WAN"
on the same page.
I rebooted the home m0n0wall (the only one with
DNS changes), and a `cat /etc/resolv.conf` from
exec.php is showing "192.168.1.1" as the only
nameserver, but general DNS queries fail.
However, I *can* perform `dig` operations from my Linux
machine at home, over the IPSec link, to the m0n0wall
at work, as illustrated below:

% dig @192.168.1.1 shannon.int.wingnet.net

; <<>> DiG 9.2.3 <<>> @192.168.1.1 shannon.int.wingnet.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58123
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;shannon.int.wingnet.net. IN A

;; ANSWER SECTION:
shannon.int.wingnet.net. 0 IN A 192.168.1.35

;; Query time: 42 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Dec 17 17:28:31 2004
;; MSG SIZE rcvd: 57

The home m0n0wall can no longer resolve internet domains
or my work's internal domains. Why would the DNS resolver
not work over an IPSec link?
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)