[KLUG Members] Secondary DNS via VPN
J. Edward Durrett
members@kalamazoolinux.org
Fri, 18 Apr 2003 22:11:21 -0400
Adam,

I had a similar problem. I found a workaround but I am not sure it is
the best way. This solution does not address multiple domains but I
think it might work. Also, I have read some stuff that claims this is
very taxing on resources but I have not had a problem.

I created a rather simple script which utilizes ssh for port
forwarding of important services. Here is an example I use to connect
to squid at work when I am on the road:

    ssh -L 12000:127.0.0.1:3128 jed@ssh.shackman.com

For my proxy settings, I have localhost:12000.

This would work for DNS as well:

    ssh -L 12001:10.3.1.1:53 jed@ssh.shackman.com

And the DNS entry would be:

    localhost:12001

Setting a second DNS in your case for your local net wouldn't be a
problem.

I use this method for two remote offices and the other frequent
travelers in my company. I must admit, I have not been able to get it
to work right with Windows machines (much to the chagrin of the 1 traveling
Windows user).

I hope this helps -- and if anyone sees a major drawback please let me
know.

Jason Edward Durrett
Vice President of Operations
B. Shackman Company, Inc.
269.484.1000
On Friday, April 18, 2003, at 12:38 PM, Adam Tauno Williams wrote:
> Here is a niggle I've had for a long time, but just lived with; in fact
> I got around it by just adding important hosts to my /etc/hosts file.
> But now that other users are trying out Linux I'd like to have a real
> solution.
>
> My PC/laptop is on my net at home, which is whitemice.org and has a DNS
> server at 192.168.3.1. Everything updates from DHCP once the correct
> option is selected in System Settings/Network.
>
> Now I VPN to work which is 192.168.1.x and the domain
> morrison.iserv.net.
>
> So of course typing kohocton, or even kohocton.morrison.iserv.net, into
> my web browser doesn't work. Typing in http://192.168.1.5 does, and so
> does adding "192.168.1.5 kohocton kohocton.morrison.iserv.net" to
> /etc/hosts
>
> Now the PPP connection dishes out via the usepeerdns option a file in
> /etc/ppp called resolv.conf, it contains "nameserver 192.168.1.9". But
> the system is looking at /etc/resolv.conf and in order to continue to
> work with whitemice.org stuff it needs to.
>
> On a Windows client this secondary naming thing isn't a problem and just
> seems to be magically taken care of.
>
> Are there any scripts, etc..., approved way of shoehorning
> /etc/ppp/resolv.conf into /etc/resolv.conf, and of automatically
> removing the entries when the PPP (VPN) link goes down?
>
> I'd rather not hack it if something "official" and elegant already
> exists that I'm just not aware of.
>
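
Added example, not part of either message: one way to do what Adam asks, merging /etc/ppp/resolv.conf into /etc/resolv.conf when the link comes up and removing the entries when it goes down. The function names and marker comments are hypothetical; the functions are meant to be called from pppd's ip-up and ip-down hooks.

```shell
#!/bin/sh
# Added example: hypothetical helpers for pppd's ip-up / ip-down hooks.
# File paths are arguments so they can be tried on scratch copies first.
BEGIN='# BEGIN ppp-vpn-dns'
END='# END ppp-vpn-dns'

# vpn_dns_remove SYSTEM_FILE: delete the marked block, leave the rest.
vpn_dns_remove() {
    sys=$1
    tmp=$(mktemp "$sys.XXXXXX") || return 1
    # Build the new file beside the old one, then rename it into place.
    sed "/^$BEGIN\$/,/^$END\$/d" "$sys" > "$tmp" &&
        chmod 644 "$tmp" && mv "$tmp" "$sys" ||
        { rm -f "$tmp"; return 1; }
}

# vpn_dns_add PEER_FILE SYSTEM_FILE: put the peer's nameservers, inside a
# marked block, ahead of the existing entries.
vpn_dns_add() {
    peer=$1 sys=$2
    [ -r "$peer" ] || return 1
    vpn_dns_remove "$sys" || return 1   # idempotent: never stack blocks
    # The peer file holds values supplied by the remote end, so copy only
    # strict "nameserver <dotted quad>" lines and drop everything else.
    servers=$(awk '$1 == "nameserver" && NF == 2 &&
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print "nameserver " $2 }' "$peer")
    [ -n "$servers" ] || return 0
    tmp=$(mktemp "$sys.XXXXXX") || return 1
    { printf '%s\n%s\n%s\n' "$BEGIN" "$servers" "$END"; cat "$sys"; } > "$tmp" &&
        chmod 644 "$tmp" && mv "$tmp" "$sys" ||
        { rm -f "$tmp"; return 1; }
}
```

The resolver tries nameservers in the order listed and moves on only when one does not answer, so the VPN servers placed first here are also asked for home names while the link is up.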