 From:  Michel Servaes <michel at mcmc dot be>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] DNS Forwarder - Suggestion
 Date:  Mon, 25 Jan 2010 13:32:17 +0100
> Hi,
>
> I used the DNS Forwarder "override entire domain" feature for the first time the other day. I
> wanted to forward all DNS queries for our corporate network domain to our corporate network DNS
> server, the network is accessible over an IPSec VPN link so I entered in the local IP and presumed it
> would work over the VPN, it did not. I ended up forwarding it to the public IP of one of our DNS
> servers and configured the firewalls on either end appropriately.
>
> So it would be nice if I could elect to send DNS forwarding traffic over a VPN link.
>
> Note, I don't want to send all my DNS queries to our corporate DNS server as when the VPN breaks,
> I can't resolve anything!
>

I believe you had to create a static route to your corporate network,
so that it doesn't pass on the ISP DNS servers anyway!

Let's assume your corporate LAN is 10.0.0.0, with 10.0.0.1 being your
corporate DNS server.
First try an "nslookup servername(fqdn) 10.0.0.1" (10.0.0.1 being your DNS)!
If that resolves, your host is trusted, and the VPN is functioning fine!

With your home LAN lying in 192.168.0.0, I would create a static route
pointing to your gateway, for the 10.0.0.0 network.
That way, when querying DNS for any corporate server via the FQDN (e.g.
server.network.local), it won't go out on your WAN searching for it.

Hope this info takes you somewhere ;)
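
The following is an added example, not part of the original message or of m0n0wall's code: a small offline model of longest-prefix route selection that flags domain overrides whose DNS server would be reached through the WAN. The /24 masks, the 192.168.0.1 gateway, the 203.0.113.1 default gateway, the interface names and the function names are all assumptions made for illustration.

```python
import ipaddress

def egress_for(dest, routes):
    """Return the (prefix, interface, gateway) route chosen for dest
    by longest-prefix match, or None if no route covers it."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)

def leaking_overrides(overrides, routes, wan_ifaces=("WAN",)):
    """List (domain, server, interface) for every domain override whose
    DNS server is unroutable or is reached through a WAN interface."""
    leaks = []
    for domain, server in overrides.items():
        route = egress_for(server, routes)
        if route is None or route[1] in wan_ifaces:
            leaks.append((domain, server, route[1] if route else None))
    return leaks

# Constructed sample data using the addresses from the message above.
OVERRIDES = {"network.local": "10.0.0.1"}   # domain -> corporate DNS server

# Routing table without the suggested static route (assumed /24 masks).
ROUTES_BEFORE = [
    ("0.0.0.0/0", "WAN", "203.0.113.1"),    # default route to the ISP
    ("192.168.0.0/24", "LAN", None),        # directly connected home LAN
]

# Same table with a static route for the corporate network added.
ROUTES_AFTER = ROUTES_BEFORE + [("10.0.0.0/24", "LAN", "192.168.0.1")]

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, leaking_overrides(OVERRIDES, table))
```

The model covers route selection only; it does not test whether the VPN tunnel itself carries the traffic, which the nslookup check in the message does.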