vpnclient and host lookups
Kenneth Porter
shiva at sewingwitch.com
Fri Aug 6 06:14:42 UTC 2004
--On Thursday, August 05, 2004 11:00 PM -0400 "Scot L. Harris"
<webid at cfl.rr.com> wrote:
> Which works well until you need to reference your company intranet's DNS
> servers for access to certain systems. I have yet to hear of a VPN
> solution that lets you query both external and internal DNS servers.
>
> I guess it might be theoretically possible if the VPN client looks at
> the domain on the request, but I have not seen one that does this.

Right, it's a fundamentally hard problem. One approach is to create a stub
domain in /etc/named.conf that forwards to the company DNS server for its
internal domain. But that won't work if the company uses the same domain
and "split horizon" for external and internal use, with the same name used
with different addresses. For instance, my peer has an A record for
company.com internally pointing to their Windows domain controller but no
MX record, so I can't send mail to them if I use the internal server.

At least with vpnc you don't get your DNS forcibly hijacked as vpnclient
does, so you can at least control which queries go where. But you still
have to decide where to make the split.
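
A forwarding setup of the kind the message describes, as an added example that is not part of the original post. It uses BIND `type forward` zones on a local caching resolver; the zone name `corp.example.com`, the server address `10.0.0.53` and the 10.0.0.0/8 range are constructed placeholders.

```conf
// /etc/named.conf fragment (constructed example; names and addresses are placeholders)
options {
    directory "/var/named";
    listen-on { 127.0.0.1; };      // local caching resolver only
    allow-query { localhost; };    // do not answer other hosts
    recursion yes;                 // names not matched below resolve via public DNS
};

// Internal-only namespace: send these queries to the company resolver.
zone "corp.example.com" IN {
    type forward;
    forward only;                  // no fallback to public DNS for this name
    forwarders { 10.0.0.53; };     // assumed internal DNS server, reachable over the VPN
};

// Reverse lookups for the assumed internal address range.
zone "10.in-addr.arpa" IN {
    type forward;
    forward only;
    forwarders { 10.0.0.53; };
};
```

With `forward only`, lookups under the forwarded zones fail when the internal server is unreachable instead of being resolved through public DNS. The split is by zone name, so it cannot separate the split-horizon case above, where the same name carries different records inside and outside.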