Hello vyos users.
I’m learning VyOS and networking in general by using it for my home lab.
At the moment I’m using VyOS version:
Version: VyOS 1.3.0-rc5
Release Train: equuleus
In my setup I have:
- VPN connection to remote network xxxxx.xx.
- dns forwarding service.
In my local network, DNS service is served by:
- my ISP router
- maas system
Additionally, one more DNS I need to use is on remote network, connection is configured, I can use dig tool to correctly resolve hostname of remote network xxxxx.xx
I can successfully do:
For my local network, all devices use the DNS served by VyOS only.
Now I would like to integrate all three DNS services inside VyOS: ISP DNS, maas DNS, remote network DNS.
I have made following two approaches:
1 ==============================================================
protocols {
}
/* the "service {" line is assumed here: dns forwarding lives under service in VyOS and the closing brace below had no opening one */
service {
    dns {
        forwarding {
            allow-from 192.168.100.0/24
            allow-from 10.8.5.0/24
            domain maas {
                server 192.168.110.8
            }
            domain xxxxx.xx {
                server 192.168.200.1
            }
            listen-address 192.168.100.1
            listen-address 10.8.5.1
        }
    }
}
system {
    host-name vyos-1
    name-server 192.168.1.1
}
In this approach, hosts from maas domain are resolved correctly, however hosts from xxxxx.xx domain cannot be resolved:
wiesniak@desk:~$ dig host.xxxxx.xx @192.168.100.1
; <<>> DiG 9.16.1-Ubuntu <<>> host.xxxxx.xx @192.168.100.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51132
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;host.xxxxx.xx. IN A
;; Query time: 40 msec
;; SERVER: 192.168.100.1#53(192.168.100.1)
;; WHEN: wto sie 17 23:10:22 CEST 2021
;; MSG SIZE rcvd: 54
but still I can ask remote DNS directly and get following answer:
wiesniak@desk:~$ dig host.xxxxx.xx @192.168.200.1
; <<>> DiG 9.16.1-Ubuntu <<>> host.xxxxx.xx @192.168.200.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14898
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 9
;; QUESTION SECTION:
;host.xxxxx.xx. IN A
;; ANSWER SECTION:
host.xxxxx.xx. 2263 IN A 192.168.200.15
;; AUTHORITY SECTION:
…
;; ADDITIONAL SECTION:
…
;; Query time: 36 msec
;; SERVER: 192.168.200.1#53(192.168.200.1)
;; WHEN: wto sie 17 23:15:52 CEST 2021
;; MSG SIZE rcvd: 414
2 ==============================================================
protocols {
}
/* the "service {" line is assumed here: dns forwarding lives under service in VyOS and the closing brace below had no opening one */
service {
    dns {
        forwarding {
            allow-from 192.168.100.0/24
            allow-from 10.8.5.0/24
            domain maas {
                server 192.168.110.8
            }
            listen-address 192.168.100.1
            listen-address 10.8.5.1
            name-server 192.168.200.1
        }
    }
}
system {
    host-name vyos-1
    name-server 192.168.1.1
}
In this approach, everything works; however, every resolution is made by the remote DNS 192.168.200.1, which I would like to avoid.
Could you please shed some light on this? Especially, I don’t understand why it works for the maas domain and doesn’t for the xxxxx.xx domain.
Best Regards
Greg.
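One difference between the two forwarder targets that the post does not probe (this is an assumption, not something the post establishes) is whether 192.168.200.1 answers a query that does not request recursion: a domain-specific forward to a server that is not authoritative for that zone depends on it, while the maas server is authoritative for its own zone. The script below is an added example, not code from the post or from VyOS; it builds a minimal A query with the RD flag set or cleared using only the standard library, decodes the reply header, and includes a constructed SERVFAIL reply (not captured from the poster's network) so the decoder can be checked offline.

```python
import random
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name: str, rd: bool, qid: int = 0x1234) -> bytes:
    """Encode one A/IN question; the flags word is 0x0100 (RD set) or 0x0000 (RD clear)."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)   # id, flags, QD, AN, NS, AR
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN

def parse_header(reply: bytes) -> dict:
    """Decode the 12-byte DNS header: rcode, AA/RD/RA bits and the section counts."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", reply[:12])
    return {"id": qid, "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "aa": bool(flags & 0x0400), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "answers": an, "authority": ns, "additional": ar}

def probe(server: str, name: str, rd: bool, timeout: float = 2.0) -> dict:
    """Send one UDP query with a random id and return the decoded reply header (needs network)."""
    qid = random.getrandbits(16)
    query = build_query(name, rd, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(512)
    hdr = parse_header(data)
    if hdr["id"] != qid:                      # discard a reply that does not match our query
        raise ValueError("reply id mismatch")
    return hdr

# Constructed reply (not captured traffic): id 0x1234, flags QR|RD|RA, rcode SERVFAIL,
# one question, no answers, one additional record, i.e. the shape of the failing dig above.
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)

if __name__ == "__main__":
    print(parse_header(SAMPLE_SERVFAIL))
    # Live comparison against the forwarder target from the post (needs the VPN up):
    # for rd in (True, False):
    #     print("RD" if rd else "no RD", probe("192.168.200.1", "host.xxxxx.xx", rd))
```

If the RD-clear probe returns REFUSED or SERVFAIL with no answers while the RD-set probe returns NOERROR with an answer, the remote server only serves that zone recursively, which is the case to raise when asking about the domain-specific forward.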