Networking – How to use two different private DNS servers (one behind a VPN)

Tags: dns, networking, vpn

Consider the following scenario:

I am connected to a local area network with its own private DNS server (call it lan-dns). This DNS server is used to resolve the names of some private hosts on the LAN. Any other DNS requests are forwarded to a DNS server on the Internet.

I want to connect to another remote LAN via a VPN. The remote LAN also has a private DNS server (named vpn-dns, for argument's sake) which is needed to resolve the names of the private hosts on the remote network.

When not connected to the VPN I will be able to access the hosts on my LAN by their names. However, when I am connected to the VPN, since the DNS of the remote network overrides that of my local network, I will not be able to access the hosts on my local network.

Whilst connected to the VPN, if I force my DNS server back to lan-dns then I won't be able to resolve the names of hosts on the remote network.

What is the simplest way to resolve this problem? Is it even possible?

This scenario must be becoming more and more common, yet there doesn't seem to be an elegant solution that I can find.

Best Answer

On the IP level, what you are looking for is called split tunneling, and it is configured from the client (at least in non-managed scenarios). It allows requests to local LAN addresses to use your local (logical) network, and requests to remote LAN addresses to pass through the VPN tunnel. If split tunneling is not enabled, the host connected to the VPN will not be able to communicate with other machines in the local LAN's IP range at all, so it's more than just a DNS resolution issue. With split tunneling enabled, if you will be accessing the Intranet, your default route must point to a gateway on the local LAN, or there will be ambiguity as to which network to use.

The issue here, however, is DNS. Windows (and Linux as well) tie the DNS server configuration to the local interface, not to the individual routable connections, meaning that you will only ever be able to use one DNS server at a time and cannot select one conditionally based on destination address. Try looking at running dnsmasq on the VPN'ing PC as described here: http://blog.nixpanic.net/2013/03/use-dnsmasq-for-separating-dns-queries.html
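To make the dnsmasq suggestion in the answer concrete, here is an added example (not part of the original question or answer, and not taken from the linked blog post) that generates a split-DNS configuration for the scenario described: names under the local LAN's domain go to lan-dns, names under the remote LAN's domain go to vpn-dns, and everything else goes to a public resolver. The domain suffixes (`lan.example`, `corp.example`), the resolver addresses (`192.168.1.1`, `10.8.0.1`, `9.9.9.9`) and the two private subnets behind the reverse zones are all assumptions chosen for illustration. The `forwarder_for` function is a small model of dnsmasq's longest-suffix selection, included so the generated config can be sanity-checked without dnsmasq running; it is not dnsmasq code.

```shell
#!/bin/sh
# Added example: build a dnsmasq split-DNS config for "lan-dns" plus "vpn-dns".
# All names, addresses and subnets below are assumptions for illustration.
LAN_DOMAIN="lan.example"           # suffix of private hosts on the local LAN
LAN_DNS="192.168.1.1"              # lan-dns (assumed address)
LAN_REV="1.168.192.in-addr.arpa"   # reverse zone for assumed 192.168.1.0/24
VPN_DOMAIN="corp.example"          # suffix of private hosts on the remote LAN
VPN_DNS="10.8.0.1"                 # vpn-dns, reachable only through the tunnel
VPN_REV="8.10.in-addr.arpa"        # reverse zone for assumed 10.8.0.0/16
UPSTREAM="9.9.9.9"                 # public resolver for everything else

# Print a dnsmasq.conf fragment. dnsmasq forwards each query to the
# "server=/<domain>/<addr>" entry whose domain is the most specific suffix of
# the queried name; names that match no such entry go to the bare "server=".
gen_dnsmasq_conf() {
    cat <<EOF
# Answer only on loopback; /etc/resolv.conf must contain "nameserver 127.0.0.1"
listen-address=127.0.0.1
bind-interfaces
# Do not take upstream servers from /etc/resolv.conf, so a VPN client that
# rewrites that file cannot replace the forwarders below
no-resolv
# Domain-scoped forwarders: local LAN names stay on the LAN, remote names go
# through the tunnel to the remote resolver
server=/${LAN_DOMAIN}/${LAN_DNS}
server=/${VPN_DOMAIN}/${VPN_DNS}
# Reverse lookups for each private range go to the resolver that owns it
server=/${LAN_REV}/${LAN_DNS}
server=/${VPN_REV}/${VPN_DNS}
# Everything else
server=${UPSTREAM}
# Never send unqualified names or private-range reverse lookups to the Internet
domain-needed
bogus-priv
EOF
}

# Model of dnsmasq's forwarder selection, used only to check the generated
# config: the "server=/domain/addr" entry with the longest domain that is a
# suffix of $2 wins; otherwise the bare "server=addr" default is returned.
forwarder_for() {
    conf=$1 name=$2 best= bestlen=0
    for entry in $(printf '%s\n' "$conf" | sed -n 's#^server=/\([^/]*\)/\(.*\)$#\1:\2#p'); do
        dom=${entry%%:*} addr=${entry#*:}
        case "$name" in
            "$dom"|*".$dom")
                len=${#dom}
                if [ "$len" -gt "$bestlen" ]; then best=$addr bestlen=$len; fi ;;
        esac
    done
    if [ -z "$best" ]; then
        best=$(printf '%s\n' "$conf" | sed -n 's#^server=\([^/].*\)$#\1#p' | head -n 1)
    fi
    printf '%s\n' "$best"
}

# Write the fragment to stdout; redirect it into /etc/dnsmasq.d/ when deploying.
gen_dnsmasq_conf
```

Two things still have to hold on the client for this to work: the OS resolver must point at 127.0.0.1 (and stay there when the VPN comes up, since many VPN clients rewrite `/etc/resolv.conf` or push their own resolver), and the routes must be split as the answer describes, so that 10.8.0.1 is reached through the tunnel while 192.168.1.1 is reached on the LAN. Once dnsmasq is running, `dig @127.0.0.1 host.lan.example` and `dig @127.0.0.1 host.corp.example` should both succeed while connected to the VPN.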
