Client DNS Entries


#1

hi all,

I was wondering if there was a way in VyOS itself to specify DNS entries for hosts on the network so that private addresses are returned to clients on the local network. For example, if I have a web server in a segment, I want to return its private IP when I reference its hostname from a node in another segment. Only in the case where there is no local record should the DNS request be forwarded on.

thanks in advance


#2

If you are only concerned by connectivity for such internal servers, you may use NAT reflection for them.

I.e., configuring NAT destination rules that will change the external IP address to the internal one for packets incoming on the internal interface.

Alternatively you may install bind on the VyOS router (although personally I avoid installing such a thing on the router) and use split DNS, but in this case you would have to enter in the local zone all your records (not only the ones of your internal servers).

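The NAT reflection approach from the post above, written out as VyOS configuration commands. This is an added example, not configuration from the original poster; the interface name (eth1 as the internal interface), the public address 203.0.113.10, the internal server 10.0.20.5 and the client segment 10.0.20.0/24 are assumed values.

```vyos
# Destination NAT on the INTERNAL interface: a LAN client that connects to the
# public address gets redirected to the server's private address.
set nat destination rule 100 description 'NAT reflection: public web IP -> internal server'
set nat destination rule 100 inbound-interface 'eth1'
set nat destination rule 100 protocol 'tcp'
set nat destination rule 100 destination address '203.0.113.10'
set nat destination rule 100 destination port '80,443'
set nat destination rule 100 translation address '10.0.20.5'

# Only needed when the client and the server sit in the SAME segment (hairpin):
# without it the server replies directly to the client, which never saw the
# translated address, and the TCP session fails. Clients in other segments
# already route their replies through the router, so this rule can be omitted.
set nat source rule 100 description 'Hairpin: masquerade same-segment clients towards the server'
set nat source rule 100 outbound-interface 'eth1'
set nat source rule 100 protocol 'tcp'
set nat source rule 100 source address '10.0.20.0/24'
set nat source rule 100 destination address '10.0.20.5'
set nat source rule 100 translation address 'masquerade'

commit
save
```

The check after committing: from a LAN client, `curl -I http://203.0.113.10/` should now answer from the internal server, and `show nat destination statistics` on the router should show the rule counter increasing. The trade-off is that the server's logs record the router's address instead of the real client when the hairpin source rule is in play, and that only the listed ports are reflected; a DNS-based answer (later in this thread) avoids both problems.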

#3

If you have (or can install) a modern version of Bind on your local network (not necessarily on the vyos router), you can use the RPZ feature to rewrite external addresses into internal addresses. The master version of your zone(s) can be hosted elsewhere - the local bind resolver with a local rpz zone just overrides the actual authoritative data.


#4

Hello Nullroute:

I’m not sure if I completely understand your question, but I might give you my little grain of sand (maybe salt! ;-).

If you configure the VyOS as a DNS Caching server, and configure it as the DNS for all the LAN machines, then the VyOS will serve the IP addresses defined in the:

system static-host-mapping

Section of the configuration, before forwarding the DNS requests to the external DNS servers defined on:

Section.

That way you should get the results you might expect, if you’re inside the LAN, a DNS request for a host that’s inside the LAN will resolve to an internal IP address, provided there’s an entry for it on the static-host-mapping section for the configuration.

Supposed you configure the DNS Forwarding this way:

service {
	dns {
		forwarding {
			cache-size 150
			domain yourdomain.com {
				server <your VyOS IP address>
			}
			name-server 8.8.8.8
			name-server 208.67.222.222
		}
	}
}

And you specify the name and address for the internal server at:

system {
	static-host-mapping {
		host-name www.yourdomain.com {
			inet <internal IP address for the Server>
		}
		host-name server.malware.com {
			inet 127.0.0.1
		}
	}
}

When a LAN machine that has the VyOS configured as its DNS server requests the IP address for the server “www.yourdomain.com”, the VyOS will resolve it to the internal IP address, but if it requests the IP for another URL, it will forward the request to the specified external DNS servers (8.8.8.8, Google DNS, and 208.67.222.222, OpenDNS, in our case).

Note that you can use this technique to block some unwanted hosts, like the server.malware.com in the example, resolving it to localhost instead of an external IP address.

Now, for the second part of what I understood: if you want to resolve the host IP address depending on the IP address of the requesting machine, then without a doubt I would suggest going to conditional binding using bind. Although I wouldn’t install it in the VyOS box, it is way more powerful, but needs more configuration.

Hope it is a grain of sand…

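The split-DNS setup described in the post above, as the complete set of configure-mode commands in the VyOS 1.1 syntax the thread is using. This is an added example, not configuration from the poster; the LAN interface eth1, the router address 192.168.1.1, the server address 10.0.20.5 and the DNS overrides are assumed values. It deliberately leaves out the `domain yourdomain.com server <VyOS IP>` stanza: the static-host-mapping entries are served before any forwarding happens, so pointing the domain back at the router itself adds nothing.

```vyos
# DNS forwarder: listen on the LAN side only, cache, and forward misses upstream.
# Never listen on the WAN interface, otherwise the router becomes an open
# resolver usable for DNS amplification.
set service dns forwarding listen-on 'eth1'
set service dns forwarding cache-size '150'
set service dns forwarding name-server '8.8.8.8'
set service dns forwarding name-server '208.67.222.222'

# Local overrides: these are written to /etc/hosts and answered before forwarding.
# Matching is on the exact name; 'alias' adds extra names for the same address.
set system static-host-mapping host-name www.yourdomain.com inet '10.0.20.5'
set system static-host-mapping host-name www.yourdomain.com alias 'www'

# Sinkhole an unwanted host by answering with localhost (assumed example name).
set system static-host-mapping host-name server.malware.com inet '127.0.0.1'

# Hand the router out as the DNS server to DHCP clients (assumed pool name and subnet).
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server '192.168.1.1'

commit
save
```

The check from a LAN client: `dig @192.168.1.1 www.yourdomain.com +short` must print `10.0.20.5`, `dig @192.168.1.1 server.malware.com +short` must print `127.0.0.1`, and a name with no local entry (for example `dig @192.168.1.1 vyos.io +short`) must still return the upstream answer. Two caveats a practitioner will hit: the override covers only the names listed (no wildcard for `*.yourdomain.com`, so every internal host needs its own entry or alias), and on VyOS 1.2 and later the forwarder options are `listen-address` instead of `listen-on` and an `allow-from` prefix list is mandatory, otherwise the forwarder refuses all queries.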

#5

Thanks a lot, man! I’m new to VyOS and just had the same problem. Static-host-mapping worked for me; now I can reach my LAN server over my pppoe0 address or my DynDNS name.