I'm trying to set up local lookups to an internal AWS VPC DNS for a subdomain of a domain that is otherwise resolved on the local (company) LAN. Here's an example:
Company LAN (internal) resolver resolves "company.com". I have an internal resolver in the AWS VPC for aws-east.company.com zone; it resolves EC2 instances (and other allocated AWS resources), e.g. server1.aws-east.company.com inside the VPC.
When I'm connected to the VPC via the VPN, I can have the VPC's DNS resolver used as the local workstation DNS. Then the VPC (aws-east.company.com) zones and Internet zones are resolved, but not those on the company LAN. If I disable push of the VPC DNS server, then the company LAN zones are resolved, but not those in the VPC.
My question is: is there a way to set up zone-specific DNS lookups when the zones in question are a top level domain (company.com) and its subdomain (aws-east.company.com)? There are many posts on the web that suggest using entries in /etc/resolver, but they don't seem to work in this case since the top level entry (company.com) doesn't resolve the subdomain entries (aws-east.company.com) and vice versa.
Short of setting up a local resolver (say, unbound), are there other solutions to this problem? Can I somehow define resolver 1 for aws-east.company.com, and resolver 2 for company.com? Either one will recurse Internet zones. At this point, having the company resolvers resolve/recurse the VPC zones, or vice versa, is not an option (there is no static VPN between the cloud and the company LAN).
Thanks for any insights on this!
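The per-domain resolver layout the question refers to (one file per domain under /etc/resolver on macOS), modelled here as an added example that is not part of the original post. It implements the "longest matching domain wins" selection rule so the split between aws-east.company.com and company.com can be checked on sample names, and it renders the matching files into a directory of your choice. The nameserver addresses 192.168.1.53 (LAN) and 10.0.0.2 (VPC) are constructed placeholders, and `dig` is assumed to be installed for the optional live lookup.

```shell
#!/bin/sh
# Added example, not code from the original post.
# RESOLVER_MAP is a space-separated list of "domain=nameserver" entries.
# Both addresses are constructed placeholders for this example.
RESOLVER_MAP="company.com=192.168.1.53 aws-east.company.com=10.0.0.2"

# pick_resolver NAME -> prints the nameserver configured for the most specific
# domain that NAME equals or ends with, or "default" when no entry matches
# (i.e. the query would go to the system's ordinary resolver).
pick_resolver() {
    name=$1
    best_len=0
    best_ns="default"
    for entry in $RESOLVER_MAP; do
        domain=${entry%%=*}
        ns=${entry#*=}
        case "$name" in
            "$domain"|*."$domain")
                len=${#domain}
                # Longer domain = more labels matched = more specific entry.
                if [ "$len" -gt "$best_len" ]; then
                    best_len=$len
                    best_ns=$ns
                fi
                ;;
        esac
    done
    printf '%s\n' "$best_ns"
}

# write_resolver_files DIR -> writes one file per domain into DIR in the
# /etc/resolver layout: the file name is the domain, the content is the
# nameserver line(s). Point DIR at /etc/resolver (as root) to install for real.
write_resolver_files() {
    dir=$1
    mkdir -p "$dir"
    for entry in $RESOLVER_MAP; do
        domain=${entry%%=*}
        ns=${entry#*=}
        printf 'nameserver %s\n' "$ns" > "$dir/$domain"
    done
}

# lookup NAME -> queries the selected server directly with dig (assumed
# installed), which shows whether that server actually answers for the zone
# from the current network position (e.g. only while the VPN is up).
lookup() {
    ns=$(pick_resolver "$1")
    if [ "$ns" = "default" ]; then
        dig +short "$1"
    else
        dig +short @"$ns" "$1"
    fi
}
```

After installing the files, `scutil --dns` on macOS should list both domains with their nameservers; if the aws-east.company.com entry is missing or its server is not reachable from the workstation while on the VPN, queries for that zone fall back to the less specific entry, which is the symptom described above.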
