DNS Setup / Notes
Started this set of notes on how to make DNS records available for the various VPN hosts that I have set up.
Up to now, I’ve been using /etc/hosts, with appropriate records there. However, there’s the question of how to keep those records both up to date and consistent across multiple systems as new servers are added.
I’m collecting notes here, not because I’m happy I have the perfect solution, but just to document the approaches I’ve tried, and relevant links.
OpenWRT and Dnsmasq
At home, I’ve a good solution for this. My router runs OpenWRT, which I can wholeheartedly recommend. DNS and DHCP are served from that router via Dnsmasq. Dnsmasq by default reads its host’s /etc/hosts and serves those records to the network, so for computers within the home network all that is required is to keep the OpenWRT router’s /etc/hosts file up to date. Note that the service may need to be restarted after the file is changed so that it is reloaded, but that’s as easy as “/etc/init.d/dnsmasq restart”.
Per user hosts file
This doesn’t fix the situation for other servers, laptops, etc., which either sometimes or always reside outside my home network.
My first idea was to look for a per-user hosts file of some sort, which I could then manage via my dotfiles (I’m using stow, fossil, etc., to manage a set of dotfiles that I share across my various accounts).
This looked promising: https://unix.stackexchange.com/questions/10438/can-i-create-a-user-specific-hosts-file-to-complement-etc-hosts That link mentions the HOSTALIASES environment variable, which can be used to specify a per-user file containing domain aliases. However, there’s a key limitation: the file cannot map hosts to IP addresses, only aliases to FQDNs. There’s a good set of notes here: http://blog.tremily.us/posts/HOSTALIASES/
Dnsmasq running within the VPN
Coming back around in the direction of my home fix, I thought of running dnsmasq within my VPN(s). I make some use of peervpn. Setting up the mesh for that is pretty much independent of DNS, as I use a list of IP addresses of hosts, so I picked the main server I’m using (which is also part of my OpenVPN VPN) and set up Dnsmasq on the server to run on all interfaces except the public IP address. As with my home setup, this includes the /etc/hosts file entries, so now I just have to keep two hosts files up to date and consistent.
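One way to check that the two hosts files actually agree before dnsmasq serves them, as an added example that is not part of these notes; the file names and sample entries are constructed, and the check deliberately keeps IPv4 and IPv6 lines for the same name apart so dual-stack entries are not reported as conflicts:

```shell
#!/bin/sh
# Added example, not from the original notes: compare two hosts files (say the
# OpenWRT router's and the VPN server's /etc/hosts) and report every name that
# both define but with a different address.

# hosts_conflicts FILE_A FILE_B
# Prints "name family ip_in_a ip_in_b" per conflicting name.
# Exit status 0 when the files agree, 1 when at least one name conflicts.
hosts_conflicts() {
    awk -v fa="$1" -v fb="$2" '
        # load(file, map): map[name, family] = address for every name or alias.
        # Names are lower-cased (DNS is case-insensitive). A name repeated
        # within one file: the last line wins, as with the resolver.
        function load(file, map,    line, f, n, fam, i) {
            while ((getline line < file) > 0) {
                sub(/#.*/, "", line)                  # strip comments
                n = split(line, f)                    # whitespace-separated fields
                if (n < 2) continue                   # blank or malformed line
                fam = index(f[1], ":") ? "ipv6" : "ipv4"
                for (i = 2; i <= n; i++) map[tolower(f[i]), fam] = f[1]
            }
            close(file)
        }
        BEGIN {
            load(fa, a); load(fb, b); conflicts = 0
            for (key in a) {
                if ((key in b) && a[key] != b[key]) {
                    split(key, parts, SUBSEP)
                    print parts[1], parts[2], a[key], b[key]; conflicts++
                }
            }
            exit (conflicts > 0)
        }'
}

# Constructed sample files standing in for the two real /etc/hosts copies.
TMP_DIR=$(mktemp -d)
cat > "$TMP_DIR/router.hosts" <<'EOF'
127.0.0.1   localhost
::1         localhost
10.8.0.2    web web.vpn    # openvpn client
10.8.0.5    db
EOF
cat > "$TMP_DIR/vpnserver.hosts" <<'EOF'
127.0.0.1   localhost
10.8.0.2    WEB web.vpn
10.8.0.6    db              # stale: db moved to .5
10.8.0.9    backup
EOF
hosts_conflicts "$TMP_DIR/router.hosts" "$TMP_DIR/vpnserver.hosts" || echo "hosts files disagree"
```

Once the files agree, dnsmasq also re-reads /etc/hosts when sent SIGHUP, so a full restart is not strictly required.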
Public DNS servers
Along the way, I wanted to revisit what I’m using for DNS resolution. I’d looked into this a while ago, and have tended to use 1.1.1.1 (and not Google’s, for example).
- As mentioned, I’ve used Cloudflare’s 1.1.1.1 service.
- Then there is Google’s offering; I don’t like this simply because I’m sure they’re mining the data and storing stuff.
- One I came across for the first time lately was Quad9. I have to read up more on this, but they seem to prioritise privacy & security. It’ll be important to check the funding/business model of the foundation, however.