Question

I have a domain name mysite.com pointed to my dedicated server (Debian 7). Authenticated users will be behind OpenVPN with local addresses and masquerading.

What I want to do is send unauthenticated users to the server's remote ip and authenticated users to the local ip. To make things even more interesting, I have a reverse proxy setup to send a sub domain to a different port.

So far I have looked at iptables prerouting, and apache2 proxy.

The basic idea is if the user can reach 10.8.0.1 the domain mysite.com should resolve to 10.8.0.1, otherwise it should resolve to the remote IP. How can I achieve this?

Was this helpful?

The solution

OpenVPN allows you to specify a DNS server along with the VPN IP address. If you control this DNS server, you can easily create an ACL that will return 10.8.0.1 for queries originating from the VPN network, and the public IP address when the queries come from outside of this network.

In the OpenVPN config, you would add something like the following (assuming your DNS server has the IP 10.8.0.53):

push "dhcp-option DNS 10.8.0.53"

How to configure your DNS server will obviously depend on the actual server you are using (which you didn't mention). In bind9 it would look similar to the following:

// clients that reach the resolver from the VPN subnet pushed by OpenVPN
acl authenticated { 10.8.0.0/24; };

// views are tried in declaration order; the first matching view answers
view "authenticated" {
   match-clients { authenticated; };
   zone "mysite.com" {
      type master;
      file "/etc/bind/db.authenticated";   // mysite.com -> 10.8.0.1
   };
};
// catch-all view for everyone else; must come after the VPN view
view "anonymous" {
   match-clients { any; };
   zone "mysite.com" {
      type master;
      file "/etc/bind/db.anonymous";       // mysite.com -> public IP
   };
};
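As an added illustration (not part of the original answer), the following models how BIND chooses a view: views are evaluated in declaration order and the first view whose match-clients ACL matches the query's source address answers, so the "any" view has to come last. The zone contents and the public address 198.51.100.10 are constructed stand-ins for the two db files.

```python
# Added example: models BIND's first-match view selection for the split-horizon
# setup above. Zone data and the public IP 198.51.100.10 are constructed.
from ipaddress import ip_address, ip_network

# match-clients ACL from the answer: the subnet OpenVPN hands out
AUTHENTICATED_ACL = [ip_network("10.8.0.0/24")]

# Stand-ins for /etc/bind/db.authenticated and /etc/bind/db.anonymous
DB_AUTHENTICATED = {"mysite.com.": "10.8.0.1"}
DB_ANONYMOUS = {"mysite.com.": "198.51.100.10"}  # constructed public IP

# Declaration order matters: (view name, ACL or None for "any", zone data)
VIEWS = [
    ("authenticated", AUTHENTICATED_ACL, DB_AUTHENTICATED),
    ("anonymous", None, DB_ANONYMOUS),
]


def acl_matches(acl, source):
    """None models the 'any' ACL; otherwise any listed network may match."""
    if acl is None:
        return True
    return any(source in net for net in acl)


def select_view(views, source_ip):
    """Name of the first view whose match-clients accepts source_ip, or None."""
    source = ip_address(source_ip)
    for name, acl, _zone in views:
        if acl_matches(acl, source):
            return name
    return None  # BIND refuses the query when no view matches


def resolve(views, source_ip, qname):
    """Answer qname the way the view selected for source_ip would, or None."""
    source = ip_address(source_ip)
    fqdn = qname if qname.endswith(".") else qname + "."
    for _name, acl, zone in views:
        if acl_matches(acl, source):
            return zone.get(fqdn)
    return None


if __name__ == "__main__":
    for client in ("10.8.0.5", "203.0.113.7"):
        print(client, select_view(VIEWS, client), resolve(VIEWS, client, "mysite.com"))
    # Misordered views: "any" first swallows every client, VPN users get the public IP
    print("misordered:", resolve(list(reversed(VIEWS)), "10.8.0.5", "mysite.com"))
```

On the real server, confirm the split with `dig @10.8.0.53 mysite.com` from a VPN client and from outside; both should return different A records.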
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow