Route DNS over VPN only for selected domains?
I recently purchased a FWG to replace my own Linux-based router solution. With my old solution, I ran a VPN client on my router to connect to my work network. I also ran a BIND server that forwarded requests for my work DNS domain to the work DNS server, so host names for my work domain would be resolved against work's internal DNS server instead of the external server.
With this configuration, DNS queries for LAN devices continued to work and were accessible (VPN was in split routing mode), and DNS queries for work devices resolved to the correct internal address, that was then routed over the VPN.
Is there any way to accomplish this with FWG? I know about the DNS over VPN switch, but I don't want to send all DNS queries over the VPN, just those for a specific domain.
The only solution I see is to continue to use my BIND server as the network's upstream DNS server, and disable DoH.
Can something similar be accomplished with a file in dnsmasq_local, for example, a server= line?
-
I was able to find a solution without running my own forwarding DNS server.
I SSH'd to the FWG and created a file in ~/.firewalla/config/dnsmasq_local with the following line:
server=/example.com/192.168.3.4
where example.com is my work domain and 192.168.3.4 is my work's upstream DNS server, accessible through the VPN.
This worked for me with and without DoH.
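The `server=/example.com/192.168.3.4` line works because dnsmasq chooses an upstream per query by longest-suffix match on label boundaries: `example.com` and everything under it go to 192.168.3.4 over the VPN as plain DNS (DoH only applies to the default upstream), a more specific `server=/sub.example.com/...` line wins over the broader one, and `server=/domain/#` hands a sub-zone back to the default resolvers. The following Python model of that selection logic is an added example, not code from either post, from Firewalla or from dnsmasq; the `lab.example.com` and `public.example.com` sub-zones and the 10.99.0.53 resolver are invented for illustration, and the config text is constructed inline so it runs offline.

```python
# Model of how dnsmasq picks an upstream resolver for a query from
# server=/domain/target lines. Added illustration, not dnsmasq's own code.
import ipaddress
import re
from typing import Dict, Optional, Tuple

# Constructed dnsmasq_local-style config. Only the work domain is sent to the
# VPN-side resolver (192.168.3.4, as in the answer above); lab.example.com,
# public.example.com and 10.99.0.53 are hypothetical additions.
CONSTRUCTED_CONFIG = """
# work domain -> internal resolver reachable over the VPN
server=/example.com/192.168.3.4
# a more specific sub-zone overrides the broader rule (longest match wins)
server=/lab.example.com/10.99.0.53
# '#' hands this sub-zone back to the default upstream (DoH on an FWG)
server=/public.example.com/#
"""

SERVER_RE = re.compile(r"^server=/(?P<domain>[^/]+)/(?P<target>.+)$")


def parse_server_lines(text: str) -> Dict[str, str]:
    """Return {domain: target} from server=/domain/target lines.

    target is an IP (optionally with #port) or '#' for "default upstream".
    Other dnsmasq options, including the address-less local=/domain/ form,
    are ignored by this model.
    """
    rules: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SERVER_RE.match(line)
        if not m:
            continue
        domain = m.group("domain").strip(".").lower()
        target = m.group("target").strip()
        if target != "#":
            # raises ValueError on a malformed address, e.g. a typo in the file
            ipaddress.ip_address(target.split("#", 1)[0])
        rules[domain] = target
    return rules


def upstream_for(name: str, rules: Dict[str, str]) -> Tuple[str, Optional[str]]:
    """Mimic dnsmasq's label-boundary, longest-suffix domain match.

    Returns (matched_domain, target); target None means "default upstream",
    matched_domain '' means no server= line applied at all.
    """
    labels = name.strip(".").lower().split(".")
    # Candidate suffixes from most to least specific: a.b.c -> a.b.c, b.c, c.
    # Matching whole labels is what stops notexample.com from matching
    # example.com.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            target = rules[suffix]
            return suffix, (None if target == "#" else target)
    return "", None


RULES = parse_server_lines(CONSTRUCTED_CONFIG)

if __name__ == "__main__":
    for q in ("vpn.example.com", "host.lab.example.com",
              "www.public.example.com", "notexample.com", "www.google.com"):
        print(q, "->", upstream_for(q, RULES))
```

To confirm the live box behaves the same way, query the FWG directly for a work host (`dig @<fwg-lan-ip> host.example.com`) and for an unrelated name, and check that only the former shows up at 192.168.3.4; the answer's note that the line works "with and without DoH" follows from the fact that DoH only replaces the default upstream, not the per-domain forwarders.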