I am setting up a VPN server and need to route DNS traffic through the VPN so that clients pick up the appropriate geo-specific IPs from DNS servers near the VPN endpoint.

However, I need to fudge a particular local IP address into the mix for a fully qualified domain that I do not control (yes, I'm deliberately man-in-the-middle attacking myself for a very specific use case).

BIND is a bit over the top for something this simple. It turns out that dnsmasq is about as easy to set up as one would hope. A particularly good guide is https://gist.github.com/magnetikonline/6236150

Use the manual Method 2 technique from that guide. I am running a headless Ubuntu server, so there is no NetworkManager to worry about.

Don't forget to lock down access to port 53 with a firewall, or you'll have a recursive DNS server open to the public and usable for DNS amplification attacks! Here's a quick link to a great guide for setting up UFW: https://help.ubuntu.com/community/UFW
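To make the two pieces concrete, here is an added example (my own, not from the gist above or the dnsmasq project) that renders a dnsmasq drop-in overriding one FQDN with a local address while forwarding everything else to upstream resolvers reached over the VPN, plus the UFW rules that expose port 53 only to VPN clients. The domain, override address, VPN interface, subnet and upstream resolver addresses are placeholders; write the rendered config to a file under /etc/dnsmasq.d/ and restart dnsmasq.

```shell
#!/bin/sh
# Added example: generate the dnsmasq override config and matching UFW rules.
# Every hostname, address, interface and subnet below is a hypothetical placeholder.

# render_dnsmasq_conf FQDN OVERRIDE_IP VPN_IFACE UPSTREAM_RESOLVER...
render_dnsmasq_conf() {
    fqdn=$1; ip=$2; iface=$3; shift 3
    # Listen only on the VPN interface (dnsmasq adds loopback itself) and bind to
    # it explicitly so nothing is ever answered on the public interface.
    printf 'interface=%s\nbind-interfaces\n' "$iface"
    # Ignore /etc/resolv.conf; forward only to the resolvers given here, which
    # should be the ones near the VPN endpoint so geo answers match the exit.
    printf 'no-resolv\n'
    for up in "$@"; do printf 'server=%s\n' "$up"; done
    # The single override: A queries for fqdn (and any subdomain of it) get ip.
    printf 'address=/%s/%s\n' "$fqdn" "$ip"
    # Never forward dotless names or reverse lookups of private ranges upstream.
    printf 'domain-needed\nbogus-priv\n'
}

# render_ufw_rules VPN_SUBNET VPN_PORT_SPEC  (e.g. 10.8.0.0/24 1194/udp)
render_ufw_rules() {
    subnet=$1; vpnport=$2
    printf 'ufw default deny incoming\n'
    printf 'ufw allow OpenSSH\n'
    printf 'ufw allow %s\n' "$vpnport"
    # Port 53 is reachable from VPN clients only, never from the Internet.
    printf 'ufw allow from %s to any port 53 proto udp\n' "$subnet"
    printf 'ufw allow from %s to any port 53 proto tcp\n' "$subnet"
    printf 'ufw enable\n'
}

# verify_override RESOLVER_IP FQDN EXPECTED_IP: after restarting dnsmasq, confirm
# the override answers as intended (needs dig from the dnsutils package).
verify_override() {
    got=$(dig +short @"$1" "$2" A | head -n 1)
    [ "$got" = "$3" ]
}

# Example invocation with constructed placeholder values.
render_dnsmasq_conf service.example.net 10.8.0.2 tun0 192.0.2.53 192.0.2.54
render_ufw_rules 10.8.0.0/24 1194/udp
```

After applying the firewall rules, querying the server's public address for any name from outside the VPN should time out, while `verify_override 10.8.0.1 service.example.net 10.8.0.2` from a VPN client should succeed.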
