Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
VITYA-XY12021-01-14 20:17:39
openvpn
VITYA-XY1, 2021-01-14 20:17:39

How to set up a primary DNS server in OpenVPN so that the client first looks there, and only then to the local NS?

I don't need to route all traffic through OpenVPN, just the relevant NS to a private Route53 on AWS.
For some reason, people set up bind: https://medium.com/@dusansusic/setting-up-openvpn-... . Isn't it easier to directly register the VPC DNS server?
I in turn installed dnsmasq. Although when I make a request on my LAN through the VPC DNS server:
dig @172.31.0.2 NS stage.example.com
I get ELB CNAME:
stage.example.com. 300 IN CNAME stage-elb-934312745.us-east-2.elb.amazonaws.com.
Same story with dnsmasq on openvpn server:
dig @10.8.0.1 NS stage.example.com

Here is the client config:

client
proto                 tcp
dev                   tun
remote             vpn.example.com
port                  12000

resolv-retry          infinite

remote-cert-tls       server
auth                  SHA256
cipher                AES-128-CBC

verb                  4
allow-pull-fqdn

dhcp-option DNS 10.8.0.1

persist-key
persist-tun
nobind
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>


Server config:

proto       tcp
dev         tun

local       172.31.0.142
port        12000

topology    subnet
server      10.8.0.0 255.255.255.0

ca          keys/ca.crt
cert        keys/issued/server.crt
key         keys/private/server.key
dh          keys/dh.pem
tls-crypt   keys/tc.key
crl-verify  keys/crl.pem

auth        SHA256
cipher      AES-128-CBC

user        nobody
group       nobody

status                /var/log/openvpn/openvpn-status.log
log                   /var/log/openvpn/openvpn.log
log-append            /var/log/openvpn/openvpn.log
ifconfig-pool-persist ipp.txt
verb                  4

push        "dhcp-option DNS 10.8.0.1"
push        "route 172.31.0.0                    255.255.0.0"

allow-pull-fqdn

persist-key
persist-tun


now the question is: why when I directly make a request on the client for an ns record from a private network:
dig stage.example.com

dig first of all makes a request to my local DNS: 192.168.1.1

How to make it either not contact it at all, either I first turned to AWS DNS and only then, if I didn’t find it, I climbed to the local DNS and so that it worked on all clients: Windows, Linux, apples

Thank you

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
V
vasRmba2015-07-31 13:06:19
OpenVPN client not connecting to server, what's wrong? 2Reply
A
AlizonJohn2017-07-25 17:57:14
How to connect 2 PCs to a local network through OpenVPN, but not change the IP from which they go to the Internet? 1Reply
M
maxwolf2015-08-20 14:05:12
How to set up a system with openvpn to automatically switch to a backup link? 1Reply
Y
Yuri Yusupbaev2015-08-25 14:14:52
Lost authorization on ip phones? 2Reply
C
chief2020-01-06 21:14:56
What is the best way to organize access to computers behind NAT? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question