Hello,
I'm using OpenWrt in a different way than the typical use case of routing to the internet. I don't think it matters much for the discussion, but the hardware is all Espressobin V7 boards.
I have machines that I deploy inside our company that have several devices on them to run the machine: cameras, industrial controllers, visualization PCs, etc. These can be considered embedded devices in spirit. These are assigned to the "lan" zone in OpenWrt.
We also have a company wide network (one subnet actually) that the machine routers connect to which I've left as the zone "wan" to make setup easier. This is a typical small office network with several Microsoft servers and PC workstations, printers, etc.
The goal of this is to limit (or eliminate) the number of static IPs on our network associated with machinery, and to provide a bidirectional firewall both for security reasons and to have limited traffic on the embedded devices on our machine. Of course, having a medium power Linux computer on every machine could be very handy!
Most of the devices only need to be accessed occasionally so that I can set them up or program them with my laptop computer directly connected to the "wan" side. I have had good luck in setting these up as port forwards for the most part.
One or two of my machine devices need to access a couple of servers on our company network for things like SMB shares and MS SQL database (file backup and database logs/lookups).
On our "machine" side or "lan" zone the devices are static IP but I leave DHCP enabled for new devices that need to be configured, etc. For the company side or "wan" zone the router is getting its IP and suggesting its hostname via the company DHCP server. This is pretty slick in that I can access each machine by its actual name and I can give it a name right through the LuCI interface.
I want my embedded devices to be able to access the company servers by name and have the firewall rules be defined as names as well. I originally did this by setting up a port forward routing rule to access the company's DNS server port. This seemed a bit cheap/cheating and I think I needed to use a numeric IP address which kind of defeats the purpose.
So, with all that background, here are the questions:
What is the best way for my "lan" zone devices to be able to use hostnames of the company servers listed on the "wan" zone DNS server? Can Dnsmasq be set up to do this or am I just going to have to do some fancy script files running lookup commands in the background populating host name tables? Will either of these allow me to specify DNS names in the /etc/config/firewall config file?
Thanks!
MAD
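As an added illustration that is not part of the original post, here is one way the three UCI files could look for the setup described above: dnsmasq on the router forwards the lan clients' queries to whatever DNS server the company DHCP hands to the wan interface, the old port forward to the company DNS server goes away, and the default lan-to-wan forwarding is replaced by explicit per-server, per-port rules. The domain `corp.example`, the hostname `machine-01` and the addresses 192.168.1.50, 10.0.0.5 and 10.0.0.20 are placeholders, not values from the post.

```uci
# /etc/config/network
config interface 'wan'
	option proto 'dhcp'
	# name offered to the company DHCP server
	option hostname 'machine-01'
	# accept the DNS server the company DHCP hands out
	option peerdns '1'

# /etc/config/dhcp
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option rebind_protection '1'
	# company servers resolve to private addresses; without this line
	# rebind protection silently drops those answers for lan clients
	list rebind_domain 'corp.example'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	# lan clients are handed the router as their resolver by default

config dhcp 'wan'
	option interface 'wan'
	# never serve DHCP toward the company network
	option ignore '1'

# /etc/config/firewall
# no "config forwarding" from lan to wan: only the rules below cross the boundary
config rule
	option name 'lan-to-fileserver-smb'
	option src 'lan'
	option src_ip '192.168.1.50'
	option dest 'wan'
	option dest_ip '10.0.0.20'
	option dest_port '445'
	option proto 'tcp'
	option target 'ACCEPT'

config rule
	option name 'lan-to-db-mssql'
	option src 'lan'
	option src_ip '192.168.1.50'
	option dest 'wan'
	option dest_ip '10.0.0.5'
	option dest_port '1433'
	option proto 'tcp'
	option target 'ACCEPT'
```

The firewall rules above use IP addresses; whether a hostname is accepted in `dest_ip` is exactly the open question of the post, so nothing here assumes it.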