Where to start with Split-Horizon DNS?

complexpasta · September 14, 2023, 2:54am

Scenario:
I’ve got my LAN with subnet 192.179.0.0/24 and my Tailscale network with subnet 10.45.10.0/24. The goal is such that when on either, it resolves the domain example.com to the IP address relevant their relevant subnets. How do I realistically get this setup? I know pihole (currently running as DNS server) doesn’t allow you to have two A/AAAA records to solve this. Can adguardhome do this? I’ve found 2 other potential options, a bind9 server that uses views to solve this or have two piholes with the only difference being the example.com → (what ever subnet that DNS server is related too).

Any thoughts here is appreciated! SIdenote after figuring this out I want to write a guide here on how to do this. I’ve had headaches over this topic

Daniel · October 24, 2023, 6:53am

What I do is have the VPN IP in DNS at a subdomain like server-name.vpn.example.com, and override it to be the LAN IP on my local DNS server. You could do the same with AdGuard Home or PiHole.

You could also consider using Wireguard directly instead of via Tailscale, then you can use the same IP for both VPN and local LAN by routing the LAN IP over the tunnel. Tailscale might also allow you to do this with a subnet router if you router just a /32 (i.e. just individual IPs) over the tunnel, bug I haven’t tried that. If you do that, your home network’s IP range should be outside the commonly used IP ranges to try and ensure it doesn’t conflict with IPs on the network you’re VPNing in from.