Switching my VPN to use my new DNS server
This post is a quick interlude, as I want to make some progress on my VPN server setup.
The end goal I'm working towards is to use my VPN to reach the machines inside my network without having to open up ports on my firewall. The VPN provides the access; I then want to navigate around using my DNS server rather than having to type in IP addresses.
Before starting anything, both servers are in a good working state, just not linked together. To be careful, I'm making backups of both Raspberry Pis. This is a simple process of using Win32 Disk Imager and reading the contents of the SD card instead of writing to it. If the worst comes to the worst, I also have the notes I took when setting up the machines, so I could always do it again from scratch.
For this change, I think the edits I need to make will be on the VPN server, rather than anywhere else.
On the VPN server:
nano /etc/dhcpcd.conf
change
static domain_name_servers=192.168.1.1
to
static domain_name_servers=192.168.1.6
Ctrl-X, Y, then Enter
nano /etc/openvpn/server.conf
change
push "dhcp-option DNS 192.168.1.1" # THIS SHOULD ALREADY MATCH YOUR OWN ROUTER
to
push "dhcp-option DNS 192.168.1.6" # NOW THE ADDRESS OF THE DNS SERVER, NOT THE ROUTER
Ctrl-X, Y, then Enter
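The same two edits as a script, added here as an example and not part of the original post: it swaps the old DNS address for the new one only on the lines that hand out a DNS server, keeps a timestamped backup of each file, and prints the resulting setting so it can be checked before the reboot. The addresses and file paths are the ones from the post; the function names, the "apply" argument and the placeholder hostname in the final dig are my own. It relies on the GNU sed shipped with Raspberry Pi OS.

```shell
#!/bin/sh
# Added example (not from the original post): point dhcpcd and OpenVPN at the
# new DNS server, with a backup of each file and a before/after check.
# Run as root on the VPN Pi with the argument "apply"; with no argument it only
# defines the functions, so it can be sourced or tested on copies of the files.
set -u

OLD_DNS="${OLD_DNS:-192.168.1.1}"   # the router, as in the post
NEW_DNS="${NEW_DNS:-192.168.1.6}"   # the BIND Pi, as in the post

# replace_dns FILE: on the lines that set a DNS server (dhcpcd's
# "static domain_name_servers=" and OpenVPN's push "dhcp-option DNS"),
# swap OLD_DNS for NEW_DNS. Other lines, e.g. "static routers=", are left
# alone. A timestamped copy of the original is left beside the file.
replace_dns() {
  file="$1"
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1
  # escape the dots so 192.168.1.1 cannot match 192x168x1x1, and add word
  # boundaries so it cannot match the start of 192.168.1.10
  old_re=$(printf '%s' "$OLD_DNS" | sed 's/\./\\./g')
  sed -i -E \
    -e "/^static domain_name_servers=/ s/\\b${old_re}\\b/${NEW_DNS}/g" \
    -e "/^push \"dhcp-option DNS / s/\\b${old_re}\\b/${NEW_DNS}/g" \
    "$file"
}

# dns_setting FILE: print the address(es) FILE currently hands out as DNS
# server, one per line, for a before/after comparison.
dns_setting() {
  grep -E '^(static domain_name_servers=|push "dhcp-option DNS )' "$1" |
    grep -oE '[0-9]+(\.[0-9]+){3}'
}

if [ "${1:-}" = "apply" ]; then
  for f in /etc/dhcpcd.conf /etc/openvpn/server.conf; do
    echo "$f before: $(dns_setting "$f" | tr '\n' ' ')"
    replace_dns "$f" || exit 1
    echo "$f after:  $(dns_setting "$f" | tr '\n' ' ')"
  done
  # The new server must answer for a LAN name before trusting it from the VPN.
  # The hostname is a placeholder (pass your own as the second argument);
  # dig comes from the dnsutils package.
  dig +short @"$NEW_DNS" "${2:-host.lan.cjdawson.com}"
fi
```

Run it as `sudo sh switch-dns.sh apply` and then restart OpenVPN (or reboot, as the post does); the backups are what you restore from if a client can no longer resolve anything after the change.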
Also, as the Pi at 192.168.1.6 is performing the job of DNS server, I've had to make the following adjustments to BIND on it.
nano /etc/bind/named.conf.options
and add these to the options section:
allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
This sets up the DNS server to recurse to the outside world on behalf of whoever asks. Without it, BIND's default is to answer recursive queries only from localhost and its directly attached networks, which does not include the VPN clients: with the OpenVPN install they would fail to resolve internet names, but the LAN resources (the zone BIND is authoritative for) would still be available. Note that "any" also makes this an open resolver for anything that can reach port 53, which is only acceptable here because UDP/53 is not forwarded through the firewall; restricting the lists to the LAN and VPN subnets is the safer setting.
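The restricted form of the same three options, added as an example rather than taken from the post: an ACL covering the home LAN and the VPN clients replaces "any". 192.168.1.0/24 is the LAN from the post; 10.8.0.0/24 is an assumption (OpenVPN's default "server 10.8.0.0 255.255.255.0") and must match the server line in your own /etc/openvpn/server.conf.

```conf
// Added example, not the post's own named.conf.options. Same three options,
// limited to the home LAN and the VPN clients instead of "any".
// 192.168.1.0/24 is the LAN used in the post; 10.8.0.0/24 is an assumption
// (OpenVPN's default subnet) and must match the "server" line in server.conf.
acl "trusted" {
    localhost;
    localnets;        // networks on the Pi's own interfaces (BIND's default)
    192.168.1.0/24;   // home LAN
    10.8.0.0/24;      // OpenVPN clients, assumed default subnet
};

options {
    directory "/var/cache/bind";

    // Answer, serve from cache and recurse only for trusted sources. Anything
    // else that reaches port 53 gets REFUSED, so the Pi cannot be used as an
    // open resolver or in a DNS amplification attack.
    allow-query { trusted; };
    allow-query-cache { trusted; };
    allow-recursion { trusted; };

    // keep whatever else your existing options block already contains here
};
```

Check the file with `named-checkconf` before restarting BIND. From a VPN client, `dig @192.168.1.6` for a name under lan.cjdawson.com and for an internet name should both answer; from an address outside the ACL the same query should come back REFUSED.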
Reboot the Pi and everything should be working just fine. What happens is that the DNS server on 192.168.1.6 gets the first go at resolving a name, so anything that is xxx.lan.cjdawson.com is answered from its own zone. If that fails, the DNS server goes on to perform the lookup for itself and caches the result. This means that when I'm using my MacBook Pro, I can connect to my iPhone's hotspot, then use Tunnelblick to connect to my VPN, and then use the services on my home network by name, via the DNS server I've just configured. The internet still works, because if my DNS server can't find an entry it asks the next server along, so everything behaves just like normal.