[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DNS across VPNs
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: DNS across VPNs
- From: Andreas Schuldei <andreas_(_at_)_schuldei_(_dot_)_org>
- Date: Fri, 22 Dec 2000 11:28:07 +0100
I got my vpn up and I can ping hosts on the other side.
Some of my services require a fully operational DNS, however.
If the number of VPN nodes decrase or increase, the nameservers should adjust
to the situation. it would be relativly simple to remove secondary entrys from
the named.boot or add them during the same process during wich the generated
isakmpd files are installed.
However, there is the problem that the forwarding/caching nameserver runs on
the firewalls themselfes and therefore picks the default route (which points
to the external interface) for remote queries. In this case, however, the
routing through the VPN only takes place if this DNS query from this firewall
to the opposing caching nameserver is generaated with the source address
originating from the local net. otherwise the ipsec stack does not route it
through the vpn but through the external interface.
How can I tweak bind or ipnat or whatever to ask questions concerning the
opposing privat network with a local ip source?
Visit your host, monkey.org