Hello Nullroute:
I’m not sure if I completely understand your question, but I might give you my little grain of sand (maybe salt! ;-).
If you configure the VyOS as a DNS caching server and configure it as the DNS server for all the LAN machines, then the VyOS will serve the IP addresses defined in the:
[quote]system static-host-mapping
[/quote]
section of the configuration, before forwarding the DNS requests to the external DNS servers defined in the:
[quote]service dns forwarding
[/quote]
section.
That way you should get the results you might expect: if you’re inside the LAN, a DNS request for a host that’s inside the LAN will resolve to an internal IP address, provided there’s an entry for it in the static-host-mapping section of the configuration.
Suppose you configure DNS forwarding this way:
service {
    dns {
        forwarding {
            cache-size 150
            domain yourdomain.com {
                server <your VyOS IP address>
            }
            name-server 8.8.8.8
            name-server 208.67.222.222
        }
    }
}
And you specify the name and address of the internal server in:
system {
    static-host-mapping {
        host-name www.yourdomain.com {
            inet <internal IP address of the server>
        }
        host-name server.malware.com {
            inet 127.0.0.1
        }
    }
}
When a LAN machine that has the VyOS configured as its DNS server requests the IP address for the server “www.yourdomain.com”, the VyOS will resolve it to the internal IP address, but if it requests the IP for another URL, it will forward the request to the specified external DNS servers (8.8.8.8, Google DNS, and 208.67.222.222, OpenDNS, in our case).
Note that you can use this technique to block some unwanted hosts, like server.malware.com in the example, by resolving them to localhost instead of an external IP address.
Now, for the second part of what I understood: if you want to resolve the host IP address depending on the IP address of the requesting machine, then without a doubt I would suggest going to conditional binding using BIND, although I wouldn’t install it on the VyOS box; it is way more powerful, but needs more configuration.
Hope it is a grain of sand…
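The following is an added example, not code from the original post or from VyOS itself. It parses a VyOS-style configuration in the brace format shown above and models the lookup order the post describes: a static-host-mapping entry answers first (including the 127.0.0.1 sinkhole for the unwanted host), a matching `domain` block forwards to its own server, and everything else goes to the default `name-server` list. The addresses 192.168.1.1 (standing in for the VyOS box) and 192.168.1.10 (the internal web server) are assumptions, and the configuration text is constructed for the example.

```python
"""Model of the resolution order described in the post (added example, not VyOS code).
Order: static-host-mapping -> domain-specific forwarder -> default name-servers."""

# Constructed VyOS-style config mirroring the post; 192.168.1.x addresses are assumptions.
CONFIG_TEXT = """
service {
    dns {
        forwarding {
            cache-size 150
            domain yourdomain.com {
                server 192.168.1.1
            }
            name-server 8.8.8.8
            name-server 208.67.222.222
        }
    }
}
system {
    static-host-mapping {
        host-name www.yourdomain.com {
            inet 192.168.1.10
        }
        host-name server.malware.com {
            inet 127.0.0.1
        }
    }
}
"""

LOOPBACK = ("127.0.0.1", "::1")


def parse_config(text):
    """Parse the brace-delimited VyOS config format into nested dicts.
    A line 'key value {' opens a block nested under key then value; a line
    'key value' is a leaf; repeated leaf keys (several name-server lines) become a list."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unexpected closing brace")
            stack.pop()
            continue
        if line.endswith("{"):
            node = stack[-1]
            for word in line[:-1].split():
                node = node.setdefault(word, {})
            stack.append(node)
            continue
        key, _, value = line.partition(" ")
        node = stack[-1]
        if key in node:
            prev = node[key]
            node[key] = prev + [value] if isinstance(prev, list) else [prev, value]
        else:
            node[key] = value
    if len(stack) != 1:
        raise ValueError("unbalanced braces in config")
    return root


def _as_list(value):
    return value if isinstance(value, list) else [value]


def resolve(config, qname):
    """Return where a query for qname would be answered under the post's ordering.
    'answer' is set when the box itself replies from static-host-mapping;
    otherwise 'forward_to' lists the upstream servers the query goes to."""
    name = qname.rstrip(".").lower()          # DNS names are case-insensitive
    hosts = config["system"]["static-host-mapping"].get("host-name", {})
    for host, attrs in hosts.items():
        if host.lower() == name:
            return {"name": name, "answer": attrs["inet"], "forward_to": [],
                    "via": "static-host-mapping"}
    fwd = config["service"]["dns"]["forwarding"]
    best = None                                # longest matching domain suffix wins
    for dom, attrs in fwd.get("domain", {}).items():
        d = dom.lower()
        if (name == d or name.endswith("." + d)) and (best is None or len(d) > len(best[0])):
            best = (d, _as_list(attrs["server"]))
    if best:
        return {"name": name, "answer": None, "forward_to": best[1], "via": "domain " + best[0]}
    return {"name": name, "answer": None, "forward_to": _as_list(fwd["name-server"]),
            "via": "name-server"}


def sinkholed_hosts(config):
    """Names the box deliberately answers with a loopback address (the blocking trick)."""
    hosts = config["system"]["static-host-mapping"].get("host-name", {})
    return sorted(h for h, a in hosts.items() if a["inet"] in LOOPBACK)


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for q in ("www.yourdomain.com", "intranet.yourdomain.com", "server.malware.com", "example.org"):
        print(q, "->", resolve(cfg, q))
    print("sinkholed:", sinkholed_hosts(cfg))
```

Running the block prints, for each query, whether the box answers it from the static mapping or which upstream it would forward to; the sinkhole list is a quick check that the blocking entries are really the ones you intended before pointing the LAN at the box.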