Why would I want to use Conditional Forwarding?
In my case, my local DNS server has entries for local hostnames such as m2n.ion.lan, mongo.ion.lan, and tux.ion.lan. If I am using the VPN DNS server, then these address lookups would fail. By using Conditional Forwarding I can do all lookups locally, except for ones that match the remote domain (example.local). Anything that matches example.local would be forwarded to the remote DNS server.
- Connect to remote vpn server and use local DNS server
- Ping server.remote.local (remote FQDN) – fail
- Ping server.ion.lan (local FQDN) – success
Of course the remote ping fails because the local DNS server knows nothing about the remote domain. If I were to configure my machine to use the remote DNS server, the opposite would happen: I would be able to ping server.remote.local, but a ping to server.ion.lan would fail.
Solution: Use dnsmasq with conditional forwarding to forward *.remote.local requests to the remote DNS server.
1. Install dnsmasq using your local package manager
2. Configure dnsmasq by adding the following to its configuration file (/etc/dnsmasq.conf by default):

# Tells dnsmasq to forward anything with the domain of remote.local to dns server 10.25.11.2
server=/remote.local/10.25.11.2
# Listen to requests only coming from the local machine
listen-address=127.0.0.1
# Do not cache anything
# A decent dns server will already cache for your local network
cache-size=0
3. Configure the system resolver (/etc/resolv.conf) so that the local dnsmasq is queried first:

# Local LAN Domain
domain ion.lan
# local dnsmasq server
nameserver 127.0.0.1
# Your main dns server (dnsmasq will forward all requests to this server)
nameserver 10.20.1.1
4. Start dnsmasq
5. Test – ping a local server and remote server using the FQDN
All DNS requests will be forwarded to 10.20.1.1 except any matching *.remote.local; a query for server.remote.local will be forwarded to 10.25.11.2.
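To make the forwarding rule above concrete, here is an added example (my own code, not part of dnsmasq or of the original post) that parses the `server=/domain/ip` lines from the dnsmasq configuration and the `nameserver` lines from resolv.conf shown in steps 2 and 3, then reports which upstream a given query name would be sent to. It models dnsmasq's behaviour as the post describes it: the loopback entry in resolv.conf is skipped when picking the default upstream, so everything not under remote.local goes to 10.20.1.1. Two points worth checking that the prose alone does not show: suffix matching must happen on DNS label boundaries, so a name like notremote.local (a constructed example) stays on the LAN resolver rather than leaking to the VPN one, and `listen-address` should be restricted to loopback so the forwarder is not reachable from the network. The configuration text embedded below is constructed to mirror the post's.

```python
"""Model of dnsmasq's conditional-forwarding decision (added example, not dnsmasq code).

Parses the `server=/domain/ip` lines from a dnsmasq configuration and the
`nameserver` lines from resolv.conf, then reports which upstream a query
name would be sent to. Matching is done per DNS label, so a name such as
"notremote.local" does NOT match the "remote.local" rule.
"""
import re

# Constructed sample configuration, mirroring the post's dnsmasq.conf.
DNSMASQ_CONF = """
# Forward anything under remote.local to the VPN DNS server
server=/remote.local/10.25.11.2
listen-address=127.0.0.1
cache-size=0
"""

# Constructed sample resolv.conf, mirroring the post's.
RESOLV_CONF = """
domain ion.lan
nameserver 127.0.0.1
nameserver 10.20.1.1
"""

SERVER_RE = re.compile(r"^server=/([^/]+)/(\S+)$")


def parse_forward_rules(conf_text):
    """Return {suffix_labels_tuple: upstream_ip} for each server=/domain/ip line."""
    rules = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        m = SERVER_RE.match(line)
        if m:
            domain, upstream = m.groups()
            labels = tuple(domain.lower().rstrip(".").split("."))
            rules[labels] = upstream
    return rules


def parse_resolv_nameservers(resolv_text):
    """Return the nameserver list from a resolv.conf body, in file order."""
    servers = []
    for line in resolv_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def choose_upstream(qname, rules, default_upstream):
    """Pick the upstream for qname: longest matching label suffix wins, else default.

    A rule matches only on a label boundary: qname must equal the suffix or end
    with '.' + suffix. A plain string endswith() check would wrongly route
    'notremote.local' to the VPN resolver.
    """
    qlabels = tuple(qname.lower().rstrip(".").split("."))
    best = None
    for suffix, upstream in rules.items():
        n = len(suffix)
        if len(qlabels) >= n and qlabels[-n:] == suffix:
            if best is None or n > len(best[0]):
                best = (suffix, upstream)
    return best[1] if best else default_upstream


def upstream_for(qname, dnsmasq_conf=DNSMASQ_CONF, resolv_conf=RESOLV_CONF):
    """Decide where a query goes, as the post describes.

    The loopback nameserver (dnsmasq itself) is skipped when picking the default
    upstream; the next entry in resolv.conf (10.20.1.1 here) receives everything
    that no server=/domain/ rule claims.
    """
    rules = parse_forward_rules(dnsmasq_conf)
    upstreams = [ns for ns in parse_resolv_nameservers(resolv_conf) if ns != "127.0.0.1"]
    return choose_upstream(qname, rules, upstreams[0])


def listens_only_locally(dnsmasq_conf=DNSMASQ_CONF):
    """True if every listen-address is a loopback address, i.e. the forwarder is not exposed."""
    addrs = []
    for line in dnsmasq_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("listen-address="):
            addrs.extend(a.strip() for a in line.split("=", 1)[1].split(","))
    return bool(addrs) and all(a in ("127.0.0.1", "::1") for a in addrs)


if __name__ == "__main__":
    for name in ("server.remote.local", "remote.local", "server.ion.lan", "notremote.local"):
        print(f"{name:22} -> {upstream_for(name)}")
    print("listens only on loopback:", listens_only_locally())
```

Run it as a script to see the decision for each constructed name; the same functions can be pointed at your real configuration text to confirm that only names under remote.local leave for the VPN resolver before you rely on the setup in step 5.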