My network setup: site-to-site VPN (whatever the location, the networks are cross-linked, so I can reach the intranet/LAN but keep using that location's ISP for internet access, to avoid slower speeds and higher latency (e.g. on a mobile operator); the VPN tunnel is only used for inter-LAN connections), Technitium DNS, OpenWRT.
You can self-host Technitium locally or in some cloud by also adding a site-to-site VPN there (Tailscale can also behave like S2S thanks to its subnet router feature: https://tailscale.com/kb/1019/subnets#connect-to-tailscale-as-a-subnet-router and https://tailscale.com/kb/1214/site-to-site)
or, once again, DIY with WireGuard like here: https://github.com/mjtechguy/wireguard-site-to-site
Install Technitium:
https://wiki.opensourceisawesome.com/books/authoritative-dns/page/install-and-configure-a-primary-and-secondary-technitium-authoritative-name-server
or via Docker https://github.com/TechnitiumSoftware/DnsServer/blob/master/docker-compose.yml
On OpenWRT:
sudo nano /etc/dnsmasq.conf
server=/your-tld/<technitium-ip>
(replace your-tld with your internal zone and <technitium-ip> with the address of your Technitium server)
then
/etc/init.d/dnsmasq restart
And while yes, you could also use your private DNS server for everything (and maybe get pi-hole-like behaviour too), if it breaks (fully or partially) you may not be able to reach websites, seemingly even if you did set a fallback to another DNS provider's IP. Either way, IMO split DNS seems more effective.
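As an added example (not part of the original post, and not Technitium's or OpenWrt's own tooling), the script below builds, validates and applies the zone-scoped dnsmasq forwarding rule described above, and shows why the failure mode is contained: dnsmasq's `server=/zone/ip` directive only sends names inside that zone to the given server, so every other name still goes to the ISP resolver. The zone `home.lan` and the address `10.0.0.53` are assumed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example: split DNS on OpenWrt with dnsmasq forwarding one internal zone to Technitium.
# Assumed placeholders (not from the post): zone "home.lan", Technitium at 10.0.0.53.
set -e

ZONE="${ZONE:-home.lan}"               # assumed internal zone served by Technitium
TECHNITIUM="${TECHNITIUM:-10.0.0.53}"  # assumed Technitium listener address

# Build the dnsmasq directive that forwards a zone (and all its subdomains) to one server.
split_dns_line() {
    printf 'server=/%s/%s\n' "$1" "$2"
}

# Reject malformed directives before they reach the router; a typo here breaks LAN name resolution.
validate_line() {
    printf '%s' "$1" | grep -Eq '^server=/[A-Za-z0-9.-]+/([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Mirror dnsmasq's selection rule: names in the zone go to Technitium, everything else to the ISP.
# This is the containment property of split DNS: a dead Technitium only breaks the internal zone.
expected_upstream() {
    name="$1"
    case "$name" in
        "$ZONE"|*."$ZONE") printf '%s\n' "$TECHNITIUM" ;;
        *)                 printf 'isp\n' ;;
    esac
}

# Append the directive to a dnsmasq config file without duplicating it on repeated runs.
write_config() {
    conf="$1"
    line="$2"
    validate_line "$line"
    touch "$conf"
    grep -qxF "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
}

# OpenWrt alternative: keep the setting in UCI (/etc/config/dhcp) instead of editing dnsmasq.conf.
# Only runs where the uci tool exists, i.e. on the router itself.
apply_openwrt() {
    if ! command -v uci >/dev/null 2>&1; then
        printf 'uci not found; not running on OpenWrt\n' >&2
        return 1
    fi
    uci add_list dhcp.@dnsmasq[0].server="/$ZONE/$TECHNITIUM"
    uci commit dhcp
    /etc/init.d/dnsmasq restart
}

# Post-change check on the router: an internal and a public name must both still resolve,
# the first via Technitium and the second via the ISP. Skipped where nslookup is absent.
verify_split() {
    if ! command -v nslookup >/dev/null 2>&1; then
        printf 'nslookup not available; skipping live check\n' >&2
        return 0
    fi
    nslookup "router.$ZONE" 127.0.0.1 >/dev/null && printf 'internal zone OK\n'
    nslookup example.com 127.0.0.1 >/dev/null && printf 'public resolution OK\n'
}

# Manual usage on the router:
#   write_config /etc/dnsmasq.conf "$(split_dns_line "$ZONE" "$TECHNITIUM")"
#   /etc/init.d/dnsmasq restart
#   verify_split
```

`write_config` is safe to re-run, and `validate_line` refuses the kind of mangled placeholder that is easy to leave in a config file by accident. `expected_upstream` is just the documented dnsmasq matching rule written out, so you can reason about which resolver a name will hit before touching the router.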