openvpn
VITYA-XY1, 2021-01-14 20:17:39

How do I set up a primary DNS server in OpenVPN so that the client looks there first, and only then at the local NS?

I don't need to route all traffic through OpenVPN, just the relevant NS to a private Route53 on AWS.
For some reason people set up bind: https://medium.com/@dusansusic/setting-up-openvpn-... . Isn't it easier to specify the VPC DNS server directly?
I, in turn, installed dnsmasq. Although when I query the VPC DNS server from my LAN:
dig @172.31.0.2 NS stage.example.com
I get the ELB CNAME:
stage.example.com. 300 IN CNAME stage-elb-934312745.us-east-2.elb.amazonaws.com.
Same story with dnsmasq on the OpenVPN server:
dig @10.8.0.1 NS stage.example.com

Here is the client config:

client
proto                 tcp
dev                   tun
remote             vpn.example.com
port                  12000

resolv-retry          infinite

remote-cert-tls       server
auth                  SHA256
cipher                AES-128-CBC

verb                  4
allow-pull-fqdn

dhcp-option DNS 10.8.0.1

persist-key
persist-tun
nobind
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>


Server config:

proto       tcp
dev         tun

local       172.31.0.142
port        12000

topology    subnet
server      10.8.0.0 255.255.255.0

ca          keys/ca.crt
cert        keys/issued/server.crt
key         keys/private/server.key
dh          keys/dh.pem
tls-crypt   keys/tc.key
crl-verify  keys/crl.pem

auth        SHA256
cipher      AES-128-CBC

user        nobody
group       nobody

status                /var/log/openvpn/openvpn-status.log
log                   /var/log/openvpn/openvpn.log
log-append            /var/log/openvpn/openvpn.log
ifconfig-pool-persist ipp.txt
verb                  4

push        "dhcp-option DNS 10.8.0.1"
push        "route 172.31.0.0                    255.255.0.0"

allow-pull-fqdn

persist-key
persist-tun


Now the question is: why, when I query an NS record from the private network directly on the client:
dig stage.example.com

dig first queries my local DNS: 192.168.1.1

How can I make it either not contact the local DNS at all, or query the AWS DNS first and only then, if the name isn't found, fall back to the local DNS, and have that work on all clients: Windows, Linux, Macs?

Thank you
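One way to get the split-DNS behaviour asked about above on a Linux client that uses systemd-resolved, as an added example that is not part of the original post or the poster's configuration: an OpenVPN up/down hook that routes only the pushed domain to the VPN resolver and leaves every other name with the LAN DNS. It assumes the server additionally pushes `dhcp-option DOMAIN example.com` and that the client config enables `script-security 2` with `up`/`down` pointing at this script (all of these are assumptions, not lines from the original configs).

```shell
#!/bin/sh
# Added example (not the poster's config): OpenVPN client "up"/"down" hook for a
# Linux host running systemd-resolved. OpenVPN exports every pushed dhcp-option
# as foreign_option_N; this turns them into per-link DNS settings on the tun
# device, so only the pushed domain goes to the VPN resolver and every other
# name keeps using the LAN DNS (192.168.1.1 in the question).
# Assumed client config lines:  script-security 2
#   up /etc/openvpn/split-dns.sh / down /etc/openvpn/split-dns.sh / down-pre
# Assumed extra server line:    push "dhcp-option DOMAIN example.com"

# Print all pushed values of one dhcp-option kind (DNS or DOMAIN), taken from
# foreign_option_1, foreign_option_2, ... until the first unset one.
collect_dhcp_option() {
    kind="$1"
    n=1
    out=""
    while :; do
        eval "val=\${foreign_option_${n}:-}"
        [ -n "$val" ] || break
        case "$val" in
            "dhcp-option $kind "*) out="$out ${val#dhcp-option $kind }" ;;
        esac
        n=$((n + 1))
    done
    printf '%s\n' "${out# }"
}

# Prefix each pushed domain with "~": a routing-only domain, so queries under
# it go to this link's DNS and nowhere else, without becoming a search suffix.
routing_domains() {
    res=""
    for d in $(collect_dhcp_option DOMAIN); do
        res="$res ~$d"
    done
    printf '%s\n' "${res# }"
}

# Only act when OpenVPN invokes us (it sets script_type and dev).
case "${script_type:-}" in
    up)
        resolvectl dns "$dev" $(collect_dhcp_option DNS)
        resolvectl domain "$dev" $(routing_domains)
        ;;
    down)
        resolvectl revert "$dev"
        ;;
esac
```

This covers the Linux case only; a bare `dhcp-option DNS` push tells none of the three client systems which names belong to the VPN, so Windows and macOS need their own per-interface equivalent of the routing domain.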
