Hi everyone

I'm having a few issues with our internal DNS servers and our openvpn
clients. We run some internal dnsmasq forwarding nameservers (10.10.10.10 &
10.10.10.20) to resolve internal hosts that aren't resolvable publicly.
I've configured openvpn to push these nameservers to the client to use to
resolve while connected. My biggest problem is sometimes the VPN would
disconnect for whatever reason but my resolv.conf file will still have our
internal dns servers listed instead of reverting back to the DNS servers
issued on the current LAN, usually Google's 8.8.8.8/8.8.4.4. Now nothing can
resolve until I reconnect to the vpn. Not ideal for us. Also some of our
openvpn clients just don't seem to push/update the nameservers used locally
leaving the machine not able to resolve any internal hosts.

So I was thinking I could route some publicly available DNS servers like
Google's via my VPN but forward the request onto my nameservers to answer
instead. Then if the VPN disconnects and the nameservers don't revert, they
should still resolve using the real servers, provided the route pushed via
openvpn gets removed of course. Does this sound doable? I've got the route
pushed via openvpn and added a rule to allow UDP 53 for destination
8.8.8.8/8.8.8.4 and that resolves fine, just not using my nameservers.

Any ideas how I might make this work? Or is there a better solution to this
problem?

Thanks
Marc
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
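As an added illustration of the redirect described in the post (not from the thread or from pfSense itself): the pf(4) equivalent of a pfSense NAT port forward on the OpenVPN server interface, which rewrites client queries for 8.8.8.8/8.8.4.4 to the internal dnsmasq servers from the post. It assumes the OpenVPN server interface is named ovpns1; the matching OpenVPN push lines are shown in the comments.

```pf
# Assumed OpenVPN server directives (not part of this pf fragment):
#   push "route 8.8.8.8 255.255.255.255"
#   push "route 8.8.4.4 255.255.255.255"
#   push "dhcp-option DNS 8.8.8.8"
#   push "dhcp-option DNS 8.8.4.4"
# When the tunnel drops and these routes go away, the client's queries
# reach the real Google resolvers, so public names keep resolving.

public_dns   = "{ 8.8.8.8, 8.8.4.4 }"
internal_dns = "{ 10.10.10.10, 10.10.10.20 }"
vpn_if       = "ovpns1"   # assumption: OpenVPN server interface name

# Redirect DNS (UDP and TCP, since large answers fall back to TCP)
# arriving over the tunnel for Google's addresses to the internal
# dnsmasq forwarders, alternating between the two.
rdr on $vpn_if proto { tcp, udp } from any to $public_dns port 53 \
    -> $internal_dns port 53 round-robin

# rdr runs before filtering, so the filter rule must match the
# translated (internal) destination, not 8.8.8.8.
pass in quick on $vpn_if proto { tcp, udp } from any \
    to $internal_dns port 53 keep state
```

On pfSense this is normally entered as Firewall > NAT > Port Forward on the OpenVPN interface rather than by editing pf rules by hand; the internal dnsmasq servers must also forward non-internal names upstream, since they now answer every query from connected clients. To verify, run `dig @8.8.8.8 <internal-host>` from a client while connected and check `pfctl -s state` on the firewall for a state whose destination has been rewritten to 10.10.10.10 or 10.10.10.20.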