
Arseny Zinchenko

Posted on • Originally published at rtfm.co.ua on


OpenVPN: DNS and dnsmasq configuration

As a follow-up to the OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration post, here is a DNS settings example.

We have the ci.example.com domain, which has to resolve to the Public IP of its AWS EC2 instance when it is requested from the Internet, and to its Private IP when it is requested over a VPN connection.

To achieve this, you can use the dnsmasq service installed on the OpenVPN AS host.

Install it:


$ sudo apt -y install dnsmasq

Create a /etc/dnsmasq.hosts file with the hardcoded Private IPs of the necessary services:


10.0.5.10 ci.example.com
172.31.36.107 nexus-repo.example.com
10.0.3.105 rabbitadmin-production.example.com
10.0.1.6 monitor.example.com

Next, update the /etc/dnsmasq.conf file and add the addn-hosts option, so it looks like this:

listen-address=127.0.0.1
listen-address=10.0.10.4
bind-interfaces
log-queries
addn-hosts=/etc/dnsmasq.hosts

Here 10.0.10.4 is the Private IP of the OpenVPN AS host. bind-interfaces makes dnsmasq bind only to the listed addresses, log-queries writes every query to the log, and addn-hosts loads the hosts file created above. Names that are not found in that file are forwarded to the upstream resolvers from the host's own /etc/resolv.conf.

Restart the dnsmasq service:


root@openvpnas2:~# service dnsmasq restart

Check locally:


root@openvpnas2:~# dig @localhost ci.example.com +short
10.0.5.10

Good.

Now go to the OpenVPN admin page => VPN Settings and set Have clients use specific DNS servers to Yes.

In the Primary DNS Server field, set the Private IP of the EC2 instance your OpenVPN server is running on (10.0.10.4 in this example).

Restart your VPN connection on a workstation:


$ sudo openvpn --config vpnroot-client.ovpn
...
Fri Feb 22 16:53:58 2019 /usr/bin/ip link set dev tun0 up mtu 1500
Fri Feb 22 16:53:58 2019 /usr/bin/ip addr add dev tun0 172.27.240.25/20 broadcast 172.27.255.255
Fri Feb 22 16:53:58 2019 /etc/openvpn/update-resolv-conf tun0 1500 1553 172.27.240.25 255.255.240.0 init
dhcp-option DNS 10.0.10.4
...

Check the local resolv.conf:


$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 10.0.10.4

Check DNS resolution:


$ dig ci.example.com +short
10.0.5.10

And any other domain:


$ dig google.com +short
74.125.193.100
74.125.193.101
74.125.193.102
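As an added example (not part of the original post), here is a small Python check that the three pieces of this setup agree with each other: every entry in dnsmasq.hosts is a private address, addn-hosts points at that file, and the DNS address pushed to VPN clients (the dhcp-option DNS line in the client log) is one of dnsmasq's listen-address values. The sample inputs are copied from the configuration above; the function and file names are this example's own.

```python
import ipaddress

# Constructed sample input: the hosts file and dnsmasq.conf from the post.
HOSTS = """\
10.0.5.10 ci.example.com
172.31.36.107 nexus-repo.example.com
10.0.3.105 rabbitadmin-production.example.com
10.0.1.6 monitor.example.com
"""
CONF = """\
listen-address=127.0.0.1
listen-address=10.0.10.4
bind-interfaces
log-queries
addn-hosts=/etc/dnsmasq.hosts
"""

def _lines(text):
    # Non-empty lines with '#' comments removed (a real dnsmasq.conf is mostly comments).
    return [l for l in (r.split("#", 1)[0].strip() for r in text.splitlines()) if l]

def parse_hosts(text):
    """Return {hostname: ip} from a hosts-style file (one IP, then one or more names)."""
    return {name: line.split()[0] for line in _lines(text) for name in line.split()[1:]}

def parse_conf(text):
    """Return {option: [values]} for dnsmasq.conf; flag options get an empty value."""
    options = {}
    for line in _lines(text):
        key, _, value = line.partition("=")
        options.setdefault(key, []).append(value)
    return options

def lint_split_dns(hosts_text, conf_text, pushed_dns, hosts_path="/etc/dnsmasq.hosts"):
    """Return a list of problems; an empty list means the three pieces agree."""
    problems = []
    for name, ip in parse_hosts(hosts_text).items():
        # VPN clients must receive the private address, so a public IP here defeats the setup.
        if not ipaddress.ip_address(ip).is_private:
            problems.append(f"{name}: {ip} is not a private address")
    conf = parse_conf(conf_text)
    if hosts_path not in conf.get("addn-hosts", []):
        problems.append(f"addn-hosts does not reference {hosts_path}")
    if pushed_dns not in conf.get("listen-address", []):
        # With bind-interfaces, dnsmasq answers only on the listed addresses,
        # so a pushed DNS server that is not listed leaves clients with no resolver.
        problems.append(f"pushed DNS {pushed_dns} is not a listen-address")
    return problems
```

Run `lint_split_dns(HOSTS, CONF, "10.0.10.4")` against the real files before restarting dnsmasq; an empty list means the hosts file, the daemon's listen addresses and the address pushed to clients all line up.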

Done.

UPD: but there is a much more correct solution, using DNS resolution via AWS VPC peering.
