Multisite DNS resolver
August 27, 2006
During my stay in San Francisco, I will remain connected to my network and some friends’ networks in France through VPNs. Using a single VPN endpoint and having the default gateway and stuff on the other end of it is no problem. However, if you have multiple VPN endpoints, multiple networks of many machines, you start to run into a problem: how do you do DNS resolution?
Imagine that you have your laptop, connected through GoogleWifi to the ’net. You also have two VPN endpoints, one leading to your home intranet (domain intra.natulte.net), and one leading to a friend’s network (domain foobar.org). The routes are properly configured, so accessing stuff by IP address will always properly go through the right interface, either direct (internet), home (my intranet) or friend (his intranet).
But how do you do DNS resolution? Ideally, you’d want a highly configurable resolver client, to which you can say: - Any query for intra.natulte.net, you send to 172.24.42.1 (dns server in the home VPN) - Any query forfoobar.org, you send to 10.42.42.1 (dns server in the friend VPN) - Any others, send to the resolver specified in /etc/resolv.conf.
So, unless someone knows of a magic resolver layer that can do this kind of thing, I think this is going to be one of my pet projects: work out how to wrap the standard resolver libraries and add this behaviour.