DNS configuration to route external DNS queries to OpenDNS

emlarsen · August 3, 2018, 4:45pm

NethServer Version: 7.5.1804
Module: Firewall rules

I am trying to configure DNS to use the local dns for names on the lan and then for all names not on the lan forward to OpenDNS.

If I list the IP for NethServer first and then OpenDNS entries second; local names resolve fine but external names are resolved but not resolved via OpenDNS.

Sorry I’m a DNS newbie - I’ve seen various examples that are close but not not the same. I’m not sure if I need to use a firewall rule or config in dnsmasq.

Any suggestions?

danb35 · August 3, 2018, 4:50pm

I’d think the way to do this would be, in the Neth config, to use the OpenDNS server. In your client machines, use the Neth server. Your clients will get all the DNS information from the Neth box, which will reach out to the OpenDNS servers for anything it doesn’t know by itself.

emlarsen · August 3, 2018, 6:12pm

Well that is how I have it configured “I think”

DHCP is enabled whit DNS as follows; nethserver.ip,208.67.222.222,208.67.220.220 (second two are the OpenDNS ips)

If I remove the nethserver.ip then it forwards to OpenDNS but I loose local name resolving. As configured it resolves as follows;
nslookup www.google.com
Server: main.nethserver.com
Address: 192.168.0.25

the nethserver resolves it and does not forward it to OpenDNS.

danb35 · August 3, 2018, 6:14pm

Is that on the Nethserver configuration? Take out the Nethserver IP if so.

emlarsen · August 3, 2018, 6:20pm

Well as I stated that will send all DNS queries to OpenDNS

nslookup www.google.com
Server: resolver1.opendns.com
Address: 208.67.222.222

BUT as I also stated I loose local name resolving
nslookup main.nethserver.com
Server: resolver1.opendns.com
Address: 208.67.222.222

*** resolver1.opendns.com can’t find main.nethserver.com: Non-existent domain

So how do I get local name resolution and external name resolution via OpenDNS.

EddieA · August 3, 2018, 6:30pm

That is sending all requests out to OpenDNS. NS should normally be running dnsmasq as it’s nameserver, so you should see all the requests routed to 127.0.0.1, where dnsmasq with respond for local names, but internally send on requests it can’t resolve to OpenDNS.

What is the contents of /etc/resolv.conf

DHCP should only be configured with the NS IP, which is the default, so that dnsmasq is used. The other nameservers should be configured on the Network page, so dnsmasq knows where to send requests it can’t resolve.

Cheers.

emlarsen · August 3, 2018, 6:38pm

Perfect!!! That solved it!!!

Thanks so much for your help.