I'm not sure it that's the right term for what I'm asking about, but it's the best I could come up with. Here is my situation...

I'm setting up a network using OpenVPN. The clients I'm setting up will need to be able to access their own DNS servers (to resolve internal names at their location) as well as my DNS server for my internal hosts. In the past I was lead to believe that this is possible by doing something like:

nameserver (ip of site1-domain.com's DNS server)
nameserver (ip of my-domain.com's DNS server)
nameserver (ip of the Client ISP's DNS server)

search site1-domain.com
search my-domain.com
search client-isp.com

And so on. With the idea that if a searched host only existed in site1-domain.com, then the name resolution would stop there and the client would then know the correct IP. If the searched host only existed in my-domain.com, then the search would fail when the site1-domain.com DNS was queried and the search would continue onto my DNS server where it would be resolved properly. If neither of the search domains + DNS servers gave the appropriate answer, then the last place to go would be the ISP's DNS server. (In case the client's primary DNS server was failing and they wanted to redirect all queries to the outside world so that at least internet access would work)

However, when I set up this configuration, I ran into multiple issues which lead me to abandon to the configuration. So... was I doing something wrong, or is this simply not possible to do cleanly?

hello,

i think -- the query resolution determine by the nameserver order.
from a fresh (has not been cached yet) its impossible to be a directed query to a specific NS.
example :
the /etc/resolv.conf contains this :
nameserver ns01.abc.com
nameserver ns02.def.com

client1.abc.com will automatically query the first nameserver which is ns01.abc.com -- by that if it doesnt find the answer -- go to ns02.def.com, bang -- it has the answer -- cached - since then no longer need NS.

but -- BTW, i'm wondering what kind of problem do you have?

cheers.

This is a better topic than many people pick. We get a lot of "help me" or "problem" topics...

It only goes to the next nameserver if the first does not respond...they must be co-equals. With nsswitch.conf you can check a local host file first. So I have done this...

1 local host file

2 private dns server

3 private dns server uses normal dns protocol for domains for which it is not authorative.

Thanks for the replies.

I have a few different situations in which I'm trying to set this up, but I'll give a more concrete example: my parent's network connecting to my network via OpenVPN.

I have a network in 192.168.20.0/24 and my parents are in 192.168.2.0/24 and OpenVPN connects both sites over DSL lines. I run my own DNS server for internal name resolution with my internal domain being myplace.priv. My parents have a DNS server and their internal domain is parents.priv. I'd like for them to be able to resolve intranet.myplace.priv as well as parentnet.parents.priv using just the hostname. For example, if they type: http://intranet into Firefox, they should ideally get to intranet.myplace.priv as long as the OpenVPN connection is up. In the event that it's down, I don't mind if they can't get there. But I'd still like them to be able to access their own site at http://parentnet.

The problem I've run into in the past is that they've needed to use the FQDN to access resources on my network if I set their 'search' option as 'search parentnet.parents.priv' or as the case may be, have DHCP push that out. And this is what I'm asking for... a way for the query to fail within one domain and pass onto the next before heading out the door to the ISP DNS server (where it should fail as well since this is all private internal stuff). Ideally, if they ask for http://intranet and that host or alias only exists in my domain, then it should fail for their domain. So maybe the search order matter first? I'm still not sure if I'm explaining this clearly. I just really want to avoid having to pull them into my domain. But maybe that's the way to go with them as a secondary to my master...

hello,

OK,

1. create a secondary of myplace.priv at parent.priv's NS. (and vice versa if you like).
2. or a stub pointing authoritative NS for myplace.priv at parent.priv's NS.
2. this config should make the clients not querying ISP's NS (except for the internet) -- unless you created mistakes.

cheers.