Multiple routers using one DNS domain?

What's the best current practice when using multiple routers in a network? If possible, I'd like to be able to refer to computers using names without the qualifying domain and independent of the router they're connected to.

The easiest solution may be to give all routers their own domain name and add all domain names to the domain search path. But I would like to avoid that and use the same domain for multiple routers.

I'm not sure Dnsmasq will do this. There are others on the thread who could not get LAN resolution without a domain name appended to the hostname.

Use a dedicated DNS server, and point all clients at it.

I use - and recommend - Pi-hole for this, but there are many alternatives. It involves having an additional device on your network, though.


Pi-hole is not a DNS server, it is a DNS forwarder. Use something like BIND, Knot DNS or Unbound.


I put all my infrastructure management interfaces on a restricted VLAN. I use a local domain (with unbound on another server) so I can resolve, for example, office.wifi.management only from the hosts that should have access or knowledge of those names and addresses.

I have multiple site-to-site VPNs, and I initially tried having one search domain, but I couldn't really get the DNS lookup to work properly without recursive loops.

To get around that, I made each router/network have a slightly different search domain:

  • lan.foo
  • lan2.foo

and edited the dnsmasq settings (LuCI):

  • Local server: /lan.foo/
  • Local domain: lan.foo

DNS forwardings:

  • /lan2.foo/10.0.2.1

Domain whitelist:

  • lan2.foo

and edited /etc/dnsmasq.conf to push out all search domains:

  • dhcp-option=119,lan.foo,lan2.foo,lan3.foo

You will have to adjust the config for each router slightly (obviously).

This gives you seamless DNS lookup on all Linux/Unix-based clients, e.g. "ping host1" vs. having to type "ping host1.lan2.foo".

As of Windows 10 build 1803 (run winver), DHCP option 119 is now supported. If you're running an older build or version, you would need to manually set the search domain on each Windows client if you don't want to type the FQDN.

This is probably not best practice in your scenario, but it works well for VPN since the DNS doesn't break if a VPN link goes down.
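The per-router layout from the post above, written out as an added example rather than anything from the thread: it generates the dnsmasq.conf fragment each router needs (the "adjust the config for each router slightly" step) and shows what the option 119 search list looks like on the wire. The site list and router addresses are constructed, and the mapping of the LuCI field names to dnsmasq keywords is my assumption.

```python
"""Per-router dnsmasq.conf fragments for a shared-search-list, separate-domain
setup (added example; sites and addresses below are constructed)."""

# Constructed topology: search domain -> address of the router serving it.
SITES = {
    "lan.foo":  "10.0.1.1",
    "lan2.foo": "10.0.2.1",
    "lan3.foo": "10.0.3.1",
}


def dnsmasq_fragment(local_domain, sites):
    """Return the dnsmasq.conf lines for the router that serves `local_domain`.

    Assumed mapping of the LuCI fields in the post to dnsmasq keywords:
      Local server     -> local=
      Local domain     -> domain=
      DNS forwardings  -> server=
      Domain whitelist -> rebind-domain-ok=
    """
    if local_domain not in sites:
        raise ValueError(f"unknown site {local_domain}")
    lines = [
        f"local=/{local_domain}/",   # answer this zone locally, never forward it
        f"domain={local_domain}",    # domain handed out / appended to DHCP hosts
    ]
    for dom, router in sites.items():
        if dom == local_domain:
            continue
        # Forward the other sites' zones to their router over the VPN, and
        # allow the RFC1918 answers they return past the rebind protection.
        lines.append(f"server=/{dom}/{router}")
        lines.append(f"rebind-domain-ok=/{dom}/")
    # Every client gets the full search list, so a bare "host1" is tried
    # under each site's domain in turn.
    lines.append("dhcp-option=119," + ",".join(sites))
    return lines


def option119_wire(domains):
    """RFC 3397 encoding of the search list (uncompressed form): each domain
    as length-prefixed labels terminated by a zero byte. Useful for checking
    a captured DHCP offer against what the router was meant to send."""
    out = bytearray()
    for d in domains:
        for label in d.rstrip(".").split("."):
            out.append(len(label))
            out += label.encode("ascii")
        out.append(0)
    return bytes(out)
```

Run `dnsmasq_fragment("lan2.foo", SITES)` to see the second router's fragment; the first router's differs only in which domain is local and which are forwarded.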