[Openswan Users] DNS through VPN

Willie Gillespie wgillespie+openswan at es2eng.com
Tue Feb 8 18:43:59 EST 2011

On 02/08/2011 02:51 PM, Alex wrote:
> Hi,
>>> I suppose this isn't a VPN question directly, but how do I configure
>>> DNS for a domain that's behind the VPN on one side or the other? Would
>>> a slave zone restricted to just clients of a particular IP range be
>>> the best approach?
>>> In other words, I have a behind the net-to-net openswan
>>> gateway on one side, and behind the net-to-net openswan
>>> gateway on the other side, and would like to have both sides be able
>>> to resolve hosts from the other side.
>> Do you have a DNS server on each side?  What forward lookup zones are they
>> (each) responsible for?
> Yes, I should have mentioned that there is a DNS server on one side
> that is publicly accessible and a DNS server for the internal
> network on the other VPN server which is also the gateway for the
> network.

Well, what you could potentially do is create a forwarder on both DNS
servers that just points to the other DNS server.

So your DNS server on 192.168.1.x could have a forwarder for 
branch-office-6.example.com that goes to 192.168.6.x and vice-versa. 
You'd probably also want to forward 6.168.192.in-addr.arpa to the same 
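
The forwarder setup described in the reply above, sketched as an added example that is not part of the original post. It assumes the 192.168.1.x server runs BIND 9 and that both LANs are /24 networks; 192.168.6.53 is a placeholder for the remote DNS server, which the post gives only as 192.168.6.x.

```conf
// named.conf on the 192.168.1.x side (BIND 9 syntax; BIND itself is an assumption).
// Merge the options statement into the existing one rather than adding a second.

acl vpn-clients {
    localhost;
    192.168.1.0/24;   // local LAN, /24 assumed
    192.168.6.0/24;   // remote LAN reached through the tunnel, /24 assumed
};

options {
    // One of the servers in the thread is publicly reachable: limit recursion
    // so outside clients cannot resolve the forwarded internal names through it.
    allow-recursion { vpn-clients; };
};

// Forward lookups for the remote office to its DNS server over the VPN.
zone "branch-office-6.example.com" {
    type forward;
    forward only;                   // do not fall back to public resolution if the tunnel is down
    forwarders { 192.168.6.53; };   // placeholder address
};

// Matching reverse zone for 192.168.6.x addresses.
zone "6.168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.6.53; };   // same placeholder
};
```

The other side mirrors this with its own forward and reverse zone names and a forwarder address on the 192.168.1.x network. Running `named-checkconf` validates the syntax before reloading.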
