home/hermes
Archived
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
No description
This repository has been archived on 2023-12-26. You can view files and clone it, but cannot push or open issues or pull requests.
7 commits 1 branch 0 tags 212 KiB
HCL 93%
Nix 4.8%
Jinja 2.2%
Find a file
Pim Kunis 7320e4e44a grand dnsmasq rewrite
2023-03-12 20:33:25 +01:00
.gitignore init 2023-03-11 17:10:21 +01:00
ansible.yml add dnsmasq server 2023-03-12 00:49:55 +01:00
cloud_init.cfg.tftpl add dnsmasq server 2023-03-12 00:49:55 +01:00
dnsmasq.conf grand dnsmasq rewrite 2023-03-12 20:33:25 +01:00
main.tf add dnsmasq server 2023-03-12 00:49:55 +01:00
network_config.cfg.tftpl parameterize ip 2023-03-11 19:05:42 +01:00
README.md init 2023-03-11 17:10:21 +01:00
variables.tf parameterize ip 2023-03-11 19:05:42 +01:00

README.md

dmz-dns-vm

Provisions a VM using libvirt which acts as the DNS server on our DMZ network.

The VMs on our DMZ might like to contact eachother. For example, one VM wants to clone a repository from the git server. However, because our home network is NATed, a DNS lookup of these servers will result in our public IP address. This will in general not work, because the public IP address is only assigned on the WAN port of the router.

One solution is to overwrite DNS requests from the DMZ to the router if they query these VMs. However, then the router needs to operate on the DMZ vlan, which is not ideal in terms of security.

This solution creates a seperate VM on the DMZ that acts as the DNS server. Dnsmasq checks whether a request is made for a DMZ server and forwards this to an NSD server. This NSD server pretends to be authoritative for these requests and returns their DMZ internal IP addresses.