Sunday, 6 March 2011

Adding DNS Records to Zones You Don't Have Access to

This particular problem came to me whilst setting up some internal services at the office. We're a small office for a much larger company, and we're not part of their network infrastructure. So in order to access our email, we have to VPN back to the main office using the Cisco VPN client, which takes it upon itself to change your DNS suffixes. This means that if (like me) you disable NetBIOS, anything on your local network becomes inaccessible as soon as you connect to the VPN.

I've been googling around to try and get answers to this myself, only to find that a number of people are having similar problems. Then I remembered my work with DD-WRT and IPv6, so I gave the following a try.

The difficulty is this: if we override the zone here, we cannot access the email servers at the other end of the tunnel, but when we connect, the client changes our local search order. We do not have access to change the DNS zone at the other end.

The VPN client does not, however, modify your DNS servers or connection order, so there is something you can do: install dnsmasq. You can specify results for certain queries in its configuration file, for example:

address=/test/test.localdomain/test.remotedomain/10.0.0.30
address=/test/test.localdomain/test.remotedomain/2001:0DB8::1

You can also run dnsmasq on the same machine as your existing DNS server: simply set the existing server to run on a different port, then set dnsmasq to forward any queries it cannot answer itself to it, either in resolv.conf or in the config file itself.

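# Forward anything not answered locally to the existing DNS server on port 2053 (dnsmasq separates address and port with '#')
server=10.0.0.30#2053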

This can interfere with DNS registration, so be careful and creative with your solution if you still require it. You can also use dnsmasq as a DHCP server if necessary, but I do not have the access to disable the existing one here.
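
Before relying on overrides like the address= lines above, it helps to see exactly which names they capture, since dnsmasq applies an address= entry to the listed domain and to every host beneath it. The following is an added example, not code from the original post: a small Python model of that matching. The function names parse and answer are hypothetical, the sample configuration is constructed from the lines in this post, and the forwarder is written in dnsmasq's address#port form.

```python
import ipaddress

# Constructed sample: the address= lines from this post plus the forwarder,
# written in dnsmasq's address#port form.
SAMPLE_CONF = """\
address=/test/test.localdomain/test.remotedomain/10.0.0.30
address=/test/test.localdomain/test.remotedomain/2001:0DB8::1
server=10.0.0.30#2053
"""

def parse(conf):
    """Return ({domain: [ip, ...]}, [(upstream_ip, port), ...])."""
    overrides, upstreams = {}, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "address":
            # /domain[/domain...]/ip : every listed domain gets the same IP.
            parts = value.split("/")
            ip = ipaddress.ip_address(parts[-1])
            for domain in parts[1:-1]:
                overrides.setdefault(domain.lower(), []).append(ip)
        elif key == "server":
            # Assumption: only the plain ip[#port] form, no /domain/ prefix.
            host, _, port = value.partition("#")
            upstreams.append((host, int(port or 53)))
    return overrides, upstreams

def answer(qname, qtype, overrides, upstreams):
    """Model whether a query is answered locally or forwarded upstream."""
    labels = qname.rstrip(".").lower().split(".")
    family = 4 if qtype == "A" else 6
    # Most specific suffix first, matching on whole labels only.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in overrides:
            ips = [str(ip) for ip in overrides[suffix] if ip.version == family]
            return ("local", suffix, ips)
    return ("forward", None, upstreams)

if __name__ == "__main__":
    ov, up = parse(SAMPLE_CONF)
    for name in ("test", "printer.test", "mail.remotedomain", "contest"):
        print(name, answer(name, "A", ov, up))
```

Note that the bare /test/ entry also answers for printer.test and any other name ending in .test, while mail.remotedomain is still forwarded, so the mail servers at the far end of the tunnel stay reachable.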

3 comments:

  1. This worked well. I didn't have any problems with the DNS registration. Thanks
  2. Configuring the DNS can be done even with the exceeding location. This is a great tip.
  3. In order to avoid any additional downtime, it is strongly recommended that you have a copy of your website on the new hosting web server or data center, so that as soon as the DNS change takes effect, you will have your website online.