From: Eric S. J. <es...@ha...> - 2009-08-03 18:06:53
Les Mikesell wrote:
> Eric S. Johansson wrote:
> > Usually in a public location you don't rely on their local private DNS
> > at the same time you need access to the tunneled DNS.
>
> I thought we were talking about a connection between LANs, each with
> their own respective private DNS names.

My local public library has printers I accessed by name. Local names in a public location. Remember, the unwashed masses are becoming more sophisticated and we are very rapidly. They tell us how the network should work. :-)

> In a simple scenario where you only care about one machine you might
> manage by fudging things with an /etc/hosts file that you swap in and
> out as needed (or leave in if the names are unique). Or on a Windows
> box you might hook DNS to one LAN and WINS to the other's server.

That's not really very practical. The stuff should be flip-the-switch automatic. In fact, I remember a utility called NetSwitcher back in the days of Windows 95 which did just this. It flipped around Windows configurations for networking so you could work in different locations. Cool but crude.

> > Right now, for me the difficult part is figuring out how to replace
> > the DHCP-supplied name server information with the private proxy name
> > server information in resolv.conf every time I get a new lease. And
> > also invoking the conversion script on initiation of a VPN.
> >
> > Remember, I'm not saying this is OpenVPN's problem, only that its
> > configuration revealed a need to think about DNS a different way.
> > Without VPNs, we wouldn't have this problem.
>
> It is a natural consequence of private addressing instead of the
> expected hierarchical design. VPNs are just a way of working around
> some of the issues - but you'd see the same thing if you connected up
> with private physical circuits instead of virtual ones.
Yes, but if we had a bunch of physical circuits or static virtual ones, we could solve the problem through negotiation over what's going to go to a name server, because to have a VPN up and running between two organizations implies a level of trust. With an open VPN, there is no trust implied with the local network, but still, you may need names or services from that local network, and there is nothing you can do to the name server on either side to fix this problem. It has to be fixed on the same machine as you run OpenVPN. Okay, if there's no serious proxy advice forthcoming, I'll just drop this. I will keep telling people there is no solution for split-horizon DNS under Windows.
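As an added illustration of the "conversion script" discussed above (example code, not from this thread or from the OpenVPN project): a POSIX sh function that merges the DHCP lease's resolv.conf with the DNS options OpenVPN hands an `--up` script as `foreign_option_N` environment variables, and emits forwarding rules in dnsmasq's `server=` syntax so that only the pushed domains go to the tunneled resolver while local names keep using the lease's servers. The resolv.conf text, addresses and domain names are constructed; hooking the function into the DHCP client's lease-renewal event is left to the reader's setup.

```shell
#!/bin/sh
# Added example (not from the thread or from OpenVPN): build a split-horizon
# forwarder config, in dnsmasq "server=" syntax, from two sources:
#   - the DHCP lease's resolv.conf (passed in as text), and
#   - the DNS options OpenVPN hands an --up script as foreign_option_N
#     environment variables, e.g. "dhcp-option DNS 10.8.0.1".
# Constructed sample of what a public-location DHCP lease might write:
SAMPLE_RESOLV="search library.example
nameserver 192.0.2.53
nameserver 192.0.2.54"

# gen_split_dns RESOLV_TEXT -> prints dnsmasq server= lines on stdout
gen_split_dns() {
    resolv="$1"
    vpn_dns=""
    vpn_domains=""
    i=1
    # Walk foreign_option_1, foreign_option_2, ... until the first unset one.
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        set -- $opt                       # split "dhcp-option DNS 10.8.0.1"
        case "$1 $2" in
            "dhcp-option DNS")    vpn_dns="$vpn_dns $3" ;;
            "dhcp-option DOMAIN") vpn_domains="$vpn_domains $3" ;;
        esac
        i=$((i + 1))
    done
    # Names under the pushed domains go only to the tunneled resolver(s).
    for d in $vpn_domains; do
        for s in $vpn_dns; do
            printf 'server=/%s/%s\n' "$d" "$s"
        done
    done
    # Everything else (library printers, hotel portal) keeps the lease's resolvers.
    printf '%s\n' "$resolv" | while read -r key val _; do
        if [ "$key" = nameserver ]; then printf 'server=%s\n' "$val"; fi
    done
}

# Demo with constructed push options; a real --up hook gets these from OpenVPN.
: "${foreign_option_1:=dhcp-option DNS 10.8.0.1}"
: "${foreign_option_2:=dhcp-option DOMAIN corp.example}"
gen_split_dns "$SAMPLE_RESOLV"
```

Writing the output to a dnsmasq include file and pointing resolv.conf at the local proxy (127.0.0.1) gives the flip-the-switch behaviour the thread asks for; the same function run with no `foreign_option_N` set regenerates a lease-only config when the tunnel goes down.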