How Split-View DNS Can Improve Your Business Operations

After a grueling week at the office, you decided to unwind and catch up on some work from the comfort of home. You fired up a laptop, established a secure connection through the VPN client, and typed "erp.mycompany.com" into the browser. Unfortunately, an error message popped up informing you that the site couldn't be found.

Assuming it might be routine maintenance, you grabbed a coffee break. Fifteen minutes later, the same error persisted. Two hours passed, and your attempts remained fruitless. Frustration mounted as this IT hiccup threatened your productivity and jeopardized your ability to complete your planned tasks for the day.

Finally, you submitted a support ticket detailing the issue. Hours later, a response arrived, explaining that employees were required to access the system via "erpvpn.mycompany.com" when using VPN. Ouch... a forgotten detail cost you half a workday.

Sound familiar?

This can be solved by implementing a technique called split-view DNS.

Split-view DNS, also known as split-horizon DNS, allows administrators to present different DNS records to internal users on the local network compared to external users accessing the same domain from the internet. To put it another way, your "erp.mycompany.com" can be used every time but mapped to different IP addresses based on user location.

And if your company happens to rely on AWS as its cloud provider, you can implement it using Route 53 in five minutes.

In this example you will learn how to create new DNS records from scratch, so if you already have a registered domain, apply the steps selectively.

Prerequisites:

  • AWS Client VPN is set up and running
  • Route 53 is/will be used as DNS server

1) Open VPC that is associated with VPN and confirm that "DNS resolution" and "DNS hostnames" are enabled.

2) Open "Client VPN endpoints" from the VPC dashboard, select your endpoint, and then click "Modify client VPN endpoint".

3) Turn on "Enable DNS servers" and enter the "DNS server 1 IP address". This is the Route 53 Resolver address inside your VPC: the network address of the VPC CIDR plus 2. For example, if your CIDR is 10.20.0.0/16, the DNS IP will be 10.20.0.2. Save the changes.

4) Open Route 53 and register a domain if you don't have one.

5) Next, create public and private hosted zones for the domain.

6) In each hosted zone create the required A record. For example, in the public zone create erp.mycompany.com = 1.2.3.4 and in the private zone create erp.mycompany.com = 4.3.2.1.

That's it.

Now if you ping the domain, you will get 1.2.3.4 by default and 4.3.2.1 when you are connected to the VPN.
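The same setup as a script, added here as an example and not part of the original post: steps 1, 3, 5 and 6 above via boto3, with the Resolver-address and record-building helpers kept pure so they can be checked without an AWS account. Domain registration (step 4) is left to the console, and the domain, IPs, VPC ID, region and VPN endpoint ID passed in are placeholders you supply; the boto3 calls assume an authenticated session with permissions on EC2 and Route 53.

```python
import ipaddress
import uuid


def resolver_ip(vpc_cidr: str) -> str:
    """Route 53 Resolver listens at the VPC network address plus 2 (step 3)."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(net.network_address + 2)


def a_record_change(fqdn: str, ip: str, ttl: int = 60) -> dict:
    """ChangeBatch that UPSERTs one A record; the same shape serves both zones."""
    ipaddress.ip_address(ip)  # reject a mistyped address before it reaches Route 53
    return {
        "Comment": "split-view A record",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": fqdn.rstrip(".") + ".",
                "Type": "A",
                "TTL": ttl,
                "ResourceRecords": [{"Value": ip}],
            },
        }],
    }


def configure_split_view(domain, fqdn, public_ip, private_ip,
                         vpc_id, vpc_cidr, region, vpn_endpoint_id):
    """Apply the console steps with boto3 (assumes AWS credentials are configured)."""
    import boto3  # imported here so the pure helpers above run without boto3 installed
    ec2 = boto3.client("ec2", region_name=region)
    r53 = boto3.client("route53")
    # Step 1: both VPC DNS attributes must be on; the API takes one attribute per call.
    ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsSupport={"Value": True})
    ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsHostnames={"Value": True})
    # Step 3: push the VPC Resolver address to Client VPN users.
    ec2.modify_client_vpn_endpoint(
        ClientVpnEndpointId=vpn_endpoint_id,
        DnsServers={"CustomDnsServers": [resolver_ip(vpc_cidr)], "Enabled": True})
    # Step 5: public zone for the internet, private zone associated with the VPC only,
    # so the internal address is never served to outside resolvers.
    public = r53.create_hosted_zone(Name=domain, CallerReference=str(uuid.uuid4()))
    private = r53.create_hosted_zone(
        Name=domain, CallerReference=str(uuid.uuid4()),
        VPC={"VPCRegion": region, "VPCId": vpc_id},
        HostedZoneConfig={"PrivateZone": True})
    # Step 6: same name, different answer per zone.
    for zone, ip in ((public, public_ip), (private, private_ip)):
        r53.change_resource_record_sets(HostedZoneId=zone["HostedZone"]["Id"],
                                        ChangeBatch=a_record_change(fqdn, ip))
```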


Looking for help? Reach me anytime.

Subscribe to AWS by Vlad Frantskevich
