What I've done is make dnsmasq the public DNS server for
localnet.mydomain.com. So that everyone on the internet can see that
mycomputer.localnet.mydomain.com has ip 192.168.1.44.

Then the remote site can have computer names like
thatcomputer.remote.mydomain.com.

I'm not really confident that my approach here is without problems.
E.g. it may be considered a tiny security risk to publish your local
info publicly. Take it or leave it...


Rune.

Set /etc/resolv.conf to the local dnsmasq (nameserver 127.0.0.1)Set openvpn
to store its information to /etc/resolv.conf.vpn
Tell dnsmasq to read the server list from /etc/resolv.conf.vpn

I ran into this as well. The solution was to set up a local instance of
Dnsmasq on the workstation, and take advantage of the --server directive
to declare domain specific DNS servers.

I was following an OpenVPN tutorial[1], which recommended installing
resolvconf, but that did absolutely nothing to help the breakage of my
split-horizon DNS setup. I later ran across openresolv[2], which
includes scripting to update Dnsmasq's --server directives via DBus when
the VPN goes up and down.

Though the "out of the box" setup still isn't quite there and needs some
fixes to work correctly. I originally set up a machine using this in
January, and got it working good enough to get a project done, but have
been meaning to come back and fix the rough edges and contribute the
fixes back to openresolv. As I recall, even with openresolv I ended up
using a static --server entry pointing to my local server, even though
in theory is should be possible to get that to work automatically.

1. http://ubuntuforums.org/showthread.php?t=1021592
2. http://roy.marples.name/projects/openresolv/
I think users unknowingly have their DNS resolution hijacked by VPN
specified servers all the time, but just never realize it because both
their normal and the VPN specified DNS servers are able to resolve
public names. Most end-users running a VPN don't have a local resolver
with private names, so they don't notice the problem.

Regardless of whether it ends up working OK most of the time, I think
this behavior is flawed, and the /etc/resolv and resolvconf
infrastructure should be fixed. Ideally, there should be one place to
specify a pool of redundant servers for public names, and any other
servers should be added with a domain scope.

One of the challenges is that Linux (assuming that's what you're using)
doesn't have native support for domain-specific DNS servers. I've read
that this is something built-in to OS X via their lookupd daemon[3]. You
drop an /etc/resolv.conf style file into a location like
/etc/resolver/domain.com and it specifies which server to use to resolve
domain.com names.

I did run across a lookupd port[4] to Linux, but the project seemed
dead. Might be a concept with adopting in Dnsmasq, seeing as it is
becoming the favorite glue to fix the trickier resolver problems.

3. http://www.macosxhints.com/article.php?story=2004062902195410
4. http://savannah.nongnu.org/projects/lookupd
That won't cut it, as openvpn will overwrite your local DNS servers with
the one provided by the remote network, and you'll again be cut off from
the local domains. You need to also add the --server directive
statically, or set dynamically via openresolv.

-Tom

I had the same issue with two dns servers serving different domain. I
solved it with all-servers option and this patch:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2009q1/002784.html

regards,
Nikos