Forward domain DNS queries over OpenVPN with Tomato firmware

For various reasons you may want to selectively redirect DNS queries for a specific domain to a specific server.

In my case, I had to redirect Active Directory domain DNS requests over a VPN link. The VPN was established between an ASUS RT-N10U B1 running Tomato by Shibby and an Untangle box. I wanted to forward only the domain zone, not the entire DNS traffic, so as not to degrade performance.


Forwarding all the DNS requests over the VPN would result in decreased performance for the Branch Office users.

The solution came from Dnsmasq, which is built into the Tomato firmware. The configuration can be found under Advanced, DHCP/DNS.

The configuration goes like this:

rebind-domain-ok=/domain.lan/
server=/domain.lan/192.168.10.10
address=/server/192.168.10.10
address=/mail/192.168.10.10
(Screenshot: complete configuration.)

In short:

  • server sets the upstream DNS server to use for a specific domain (and its subdomains).
  • address makes Dnsmasq answer queries for the specified FQDN with the given IP directly.
Note the rebind-domain-ok instruction: I needed it because Dnsmasq's DNS rebinding protection (stop-dns-rebind) drops upstream answers that contain private IP addresses, and the logs would show me blocked DNS requests for the domain. Whitelisting only domain.lan keeps that protection active for every other domain.
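To make the matching rules concrete, here is an added example (my own simulation, not code from the post or from Dnsmasq) that models how the configuration above routes a query name and when the rebind check would block an answer. It assumes single-domain server= and address= lines as in the post and uses the post's own four lines as constructed sample input.

```python
"""Model of Dnsmasq query routing under the post's configuration.

Constructed simulation: reproduces the longest-suffix matching used by
address=/.../ and server=/.../ lines and the stop-dns-rebind check that
rebind-domain-ok relaxes. It is not Dnsmasq's own code.
"""
import ipaddress

# Sample input, taken from the post's configuration.
SAMPLE_CONFIG = """
rebind-domain-ok=/domain.lan/
server=/domain.lan/192.168.10.10
address=/server/192.168.10.10
address=/mail/192.168.10.10
"""

def parse_config(text):
    """Parse the three directive types into lists of (domain, target)."""
    rules = {"server": [], "address": [], "rebind_ok": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key == "rebind-domain-ok":
            rules["rebind_ok"] += [d for d in value.split("/") if d]
        elif key in ("server", "address"):
            # Format is /domain/target (assumes one domain per line).
            _, domain, target = value.split("/", 2)
            rules[key].append((domain.lower(), target))
    return rules

def _matches(name, domain):
    # Dnsmasq matches the domain itself and any name beneath it.
    return name == domain or name.endswith("." + domain)

def route(rules, name):
    """Return ('address', ip), ('server', upstream) or ('default', None)."""
    name = name.lower().rstrip(".")
    best = ("default", None, -1)
    for kind in ("address", "server"):
        for domain, target in rules[kind]:
            if _matches(name, domain) and len(domain) > best[2]:
                best = (kind, target, len(domain))  # most specific wins
    return best[0], best[1]

def rebind_allowed(rules, name, answer_ip, stop_dns_rebind=True):
    """Would an upstream answer with this IP pass the rebind filter?"""
    if not stop_dns_rebind or not ipaddress.ip_address(answer_ip).is_private:
        return True
    name = name.lower().rstrip(".")
    return any(_matches(name, d) for d in rules["rebind_ok"])
```

Queries for names under domain.lan go to 192.168.10.10 and their private-address answers are accepted, while a private address returned for any other domain is still dropped.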

No need for a local Active Directory!

For more details about the possibilities, check the Dnsmasq documentation.
