DNS forwarding in VyOS
Update (February 2021): As of VyOS 1.2.0 "service dns forwarding listen-on" has been deprecated. Please use "service dns forwarding listen-address" instead. In addition, you must now set "service dns forwarding allow-from" as well, as open DNS recursors are vulnerable to denial of service attacks.
A lot of small networks do not have their own DNS server, but it's not always desirable to just leave hosts to use an external third-party server either, that's why we've had DNS forwarding in VyOS for a long time and are going to keep it there for the foreseeable future.
Experienced VyOS users already know all about it, but we should post something for newcomers too, shouldn't we?
Configuring DNS forwarding is very simple. Assuming you have "system name-server" set, all you need to do to simply forward requests from hosts behind eth0 to it is "set service
There are some knobs for telling the service to use or not use specific DNS servers though:
set service dns forwarding listen-on eth0
# Use name servers from "system name-server"
# Use servers received from DHCP on eth1 (typically an ISP interface)
# Use a hardcoded name server
You can also specify cache size:
set service dns forwarding cache-size 1000
One of the less known features is the option to use different name servers for different domains. It can be used for a quick and dirty split-horizon DNS, or simply for using an internal server just for internal domains rather than recursive queries:
set service dns forwarding domain mycompany.local server 192.168.52.100 set service dns forwarding domain mycompany.example.com server 192.168.52.100
And that's all to it. DNS forwarding is not a big feature — useful doesn't always equal complex.