Configuring BIND to resolve remote hosts over a VPN
I use VPNs to reach remote hosts securely, but since I run a local nameserver I also configure the remote zones on it, as slaves of the remote server. This cuts the DNS traffic over the VPN and it stops the local network depending on the remote DNS server: if the remote server (or the VPN) is down, local resolution keeps working and only the remote names are affected.
Note: for this to work the remote DNS server must be configured to allow your server to perform zone transfers (in BIND, the allow-transfer list for those zones must include the address your requests arrive from over the VPN). You may need to have a kind chat with the remote administrators if it doesn't.
Configuring this is exactly like configuring any other slave zone. A single BIND instance can be master for some zones and slave for others, so even if your local server is the master for your own zones it will simply run as a slave to the remote server for these.
To keep the configuration separate I create a new named.conf file for each VPN, then configure the zone(s) in it.
Here the remote network has the domain remotenetwork.example.com, uses the 192.168.3.0/24 range, and its DNS server is at 192.168.3.1:
peter@kira:~# cd /etc/bind
peter@kira:/etc/bind# vi named.conf.myvpn
// Forward zone for the remote network, slaved from the remote DNS server.
zone "remotenetwork.example.com" {
    type slave;
    // Local copy of the zone; the bind user must be able to write here.
    file "/etc/bind/zones/remotenetwork.example.com";
    // Pull the zone from the remote server over the VPN.
    masters { 192.168.3.1; };
    // An empty list switches off any global forwarders for this zone.
    forwarders { };
};
// Reverse zone for 192.168.3.0/24, so PTR lookups for remote hosts work too.
zone "3.168.192.in-addr.arpa" {
    type slave;
    file "/etc/bind/zones/rev-192.168.3";
    masters { 192.168.3.1; };
    forwarders { };
};
Next, tell BIND about the new config by including named.conf.myvpn from named.conf:
peter@kira:/etc/bind# vi named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.myvpn";
include "/etc/bind/named.conf.default-zones";
Finally, make sure that the directory /etc/bind/zones exists and is writable by the bind user, and that AppArmor is configured as in the slave example on the previous page: on a stock Ubuntu install the profile for named only allows writes under /var/cache/bind, so a slave zone file under /etc/bind will fail to be written unless the profile has been extended.
Then restart BIND. It will transfer the zones, keep them in sync with the remote server (refreshing on the schedule set by the remote zone's SOA record), and you'll be able to resolve names on the remote network locally. Have the VPN up and running when you first do this so BIND can do the initial transfer. One caveat: the refresh traffic also goes over the VPN, so if the tunnel is down for longer than the SOA expire interval the slave discards its copy and answers SERVFAIL for those names until the next successful transfer. That's all that's required to get your VPN resolving.
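As an added example (not part of the original post, and not the post's own script), here is a small POSIX shell script that generates the named.conf.myvpn stanza pair from the domain, master address and network, prints the matching allow-transfer stanza the remote administrator needs, and checks that the slave copy is in sync with the master by comparing SOA serials. It uses the post's names (remotenetwork.example.com, 192.168.3.1, 192.168.3.0/24) and its /etc/bind/zones directory, but names the reverse zone file after the zone rather than the post's rev-192.168.3. The rev_zone helper goes beyond the post's /24 case and also handles /8 and /16 networks, the only prefix lengths that map onto a single in-addr.arpa zone. The --install handling, the check_transfer function and the remote-side stanza are my assumptions about how you would wire it up, not something the post shows.

```shell
#!/bin/sh
# Added example, not from the original post. Generates the slave-zone
# configuration described above and checks the result. Assumes the post's
# names: remotenetwork.example.com, master 192.168.3.1, network 192.168.3.0/24,
# zone files under /etc/bind/zones.

# rev_zone NETWORK[/PREFIX] -> in-addr.arpa zone name.
# Only /8, /16 and /24 map onto a single reverse zone; anything else
# (e.g. /20) would need several zones or RFC 2317 delegation, so refuse it.
rev_zone() {
    net=${1%/*}
    plen=${1#*/}
    [ "$plen" = "$1" ] && plen=24        # no prefix given: assume /24
    IFS=. read -r a b c rest <<EOF
$net
EOF
    case $plen in
        8)  echo "$a.in-addr.arpa" ;;
        16) echo "$b.$a.in-addr.arpa" ;;
        24) echo "$c.$b.$a.in-addr.arpa" ;;
        *)  echo "rev_zone: /$plen does not map onto one in-addr.arpa zone" >&2
            return 1 ;;
    esac
}

# vpn_zone_conf DOMAIN MASTER NETWORK/PREFIX -> contents of named.conf.myvpn.
# Both zones are slaves of MASTER; the empty forwarders list keeps any
# global forwarders from being used for these zones.
vpn_zone_conf() {
    domain=$1; master=$2
    rev=$(rev_zone "$3") || return 1
    for z in "$domain" "$rev"; do
        cat <<EOF
zone "$z" {
    type slave;
    file "/etc/bind/zones/$z";
    masters { $master; };
    forwarders { };
};
EOF
    done
}

# master_zone_conf DOMAIN VPN_PEER -> the stanza the remote administrator
# needs on the master. Restricting allow-transfer to your VPN address is the
# point: "allow-transfer { any; };" would hand the whole zone to anyone who
# can reach the server.
master_zone_conf() {
    cat <<EOF
zone "$1" {
    type master;
    file "/etc/bind/zones/$1";
    allow-transfer { $2; };
};
EOF
}

# soa_serial SERVER ZONE -> the serial, the 3rd field of the dig +short SOA line.
soa_serial() {
    dig +short @"$1" "$2" SOA | awk '{ print $3 }'
}

# check_transfer DOMAIN MASTER: succeed only when the local slave copy carries
# the same serial as the master. Needs dig installed and the VPN up.
check_transfer() {
    m=$(soa_serial "$2" "$1")
    l=$(soa_serial 127.0.0.1 "$1")
    [ -n "$m" ] && [ "$m" = "$l" ]
}

# Usage: run with --install on the local server (as root, VPN up) to write the
# config, validate it, load it and force the initial transfer of both zones.
if [ "${1:-}" = "--install" ]; then
    vpn_zone_conf remotenetwork.example.com 192.168.3.1 192.168.3.0/24 \
        > /etc/bind/named.conf.myvpn
    named-checkconf && rndc reconfig \
        && rndc retransfer remotenetwork.example.com \
        && rndc retransfer 3.168.192.in-addr.arpa
    check_transfer remotenetwork.example.com 192.168.3.1 \
        && echo "slave copy is in sync with 192.168.3.1"
fi
```

The rndc retransfer calls save waiting for the first refresh interval; if check_transfer fails right after them, look at the named log for a refused or timed-out AXFR, which almost always means the remote allow-transfer list does not include your VPN address.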
On the 1st page, I think /etc/defaults/bind9 should be /etc/default/bind9. Great write-up though!
Yes, you're right, it is meant to be /etc/default/bind9; going to fix that typo now.
Great page. It worked just like you said it would.
I have set up secondary DNS on Ubuntu 10.04, and the zones have transferred from Go Daddy’s Primary DNS to my secondary.
It would be great if you could put some info regarding TSIG on Ubuntu 10.04 for secondary DNS.
Great page! Thank you for sharing.