Discussion in 'Tomato Firmware' started by dylanjustice, Jul 12, 2011.

  1. dylanjustice

    dylanjustice Addicted to LI Member

    I've bridged a couple of LANs with TomatoVPN, gotten a WINS server working on the server network, and I've got to say that my users are ecstatic. I can't believe how easy and effective it's been.

    Now I'd like to expose the private DNS resolution on the Tomato server out to the clients.

    Specifically, I've used Tomato to assign static IP addresses and hostnames to a lot of machines on the main office (server) network, and I'd like for the users on the client subnets to be able to access them by name.

    Is this doable? I cannot find any documentation on the "Accept DNS configuration" options, and I don't quite understand what they're for.
  2. dylanjustice

    dylanjustice Addicted to LI Member

    Partial solution

    I haven't found documentation, but I've pieced together what the client DNS options seem to mean. Corrections are welcome; I have not found a definitive answer anywhere.

    Disabled: ignore server DNS
    Relaxed: choose server based on response time from first query.
    Strict: use server DNS unless it doesn't work.
    Exclusive: use server DNS. Period.

    The (nonexistent) strategy I'd like is to use the fastest DNS for general queries, but to use the server's DNS for queries which fall within the "search" domain. That will enable the server to respond to queries for private DHCP-related names. So I'll search for a way to have a private zone on my client routers.
  3. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Exactly right.

    Look into dnsmasq config file directives (which can be entered into the Tomato GUI). It can probably be made to do what you want.
  4. dylanjustice

    dylanjustice Addicted to LI Member


    My solution in the end was to create a separate private domain for each office. NB: by default, Tomato doesn't seem to respond to DNS queries on the tunnel interface, so I needed to add the bind-interfaces option. This was the critical step that I was missing previously.

    # respond on all interfaces, including VPN tunnels

    # search all three domains

    # send queries for HQ to HQ's router

    # send queries for satellite office 1 to sat1's router

    # send queries for satellite office 2 to sat2's router
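
Added example, not part of the thread and not the poster's actual configuration: per-domain forwarding of this kind can be written with dnsmasq's `server=/domain/address` directive, and the Python sketch below parses such lines and reports which upstream a given name would be sent to, using the most-specific-domain rule dnsmasq applies. The domain names (`hq.example`, `sat1.example`, `sat2.example`), the addresses and the function names are assumptions made for illustration.

```python
# Constructed sample config: domains and addresses are placeholders,
# not values from the thread.
SAMPLE_CONF = """\
# send queries for HQ to HQ's router
server=/hq.example/10.0.0.1
# send queries for satellite office 1 to sat1's router
server=/sat1.example/10.0.1.1
# send queries for satellite office 2 to sat2's router
server=/sat2.example/10.0.2.1
# everything else goes to a general-purpose resolver
server=192.0.2.53
"""


def parse_servers(conf):
    """Return ({domain: upstream}, [default upstreams]) from server= lines."""
    routes, defaults = {}, []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or not line.startswith("server="):
            continue
        value = line.split("=", 1)[1]
        if value.startswith("/"):
            # server=/dom1/dom2/addr: every listed domain maps to addr
            parts = value.split("/")
            for domain in parts[1:-1]:
                routes[domain.lower()] = parts[-1]
        else:
            defaults.append(value)
    return routes, defaults


def pick_upstream(name, routes, defaults):
    """Longest matching domain suffix wins; matching is per DNS label."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # i = 0 tries the full name first
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return defaults[0] if defaults else None


if __name__ == "__main__":
    routes, defaults = parse_servers(SAMPLE_CONF)
    for q in ("fileserver.hq.example", "printer.sat2.example", "www.example.org"):
        print(f"{q:28} -> {pick_upstream(q, routes, defaults)}")
```

Running a list of internal hostnames through `pick_upstream` before deploying shows whether any private name would fall through to the default resolver instead of the office router that owns it.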