In my home network I have different clients (Win/Lin/Mac) where I open a tunnel interface (VPN) to my company network. Site-to-site is not an option at the moment. Concurrent VPN connections are not possible. Because of privacy concerns I want to use the company's DNS only for intranet resources.
I'm searching for a centralized solution with my Pi-hole/dnsmasq to tell the clients:
for the domain company.com, ask the company's DNS server 10.10.10.10 (which is in a private IP range)
I tried to add
to a dnsmasq.d conf file, but this fails (of course)
The problem is the Pi-hole doesn't know a route to 10.10.10.10 because there's no tunnel for this device.
dnsmasq should not try to resolve requests like fs.company.com but tell the client: use this server (10.10.10.10) for your request and try again.
Any ideas, alternate solutions?
Quite obviously, this isn't a Pi-hole or general DNS issue.
DHCP has no way to configure conditional DNS servers (and without additional software, most OSs would just be able to configure a set of general DNS servers to use anyway).
You could consider installing dnsmasq on the clients that need to resolve VPN-provided domains and configuring it in the conditional way you described.
Alternatively, you could tackle this as a routing issue.
It should be easy enough to add a route from your Pi-hole machine to the machine that operates the VPN connection.
The tricky part would be to get that machine to act as a router and accept those DNS requests, forward those through the VPN tunnel and return the replies correctly.
Alternatively, you'd need a VPN client on the Pi-hole machine itself.
You should consider consulting other forums specializing in routing and VPNs, and you should probably seek advice from your company admins as well.
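As an added example (not from this thread, and not Pi-hole's own code), here is the per-client dnsmasq approach the answer suggests: only company.com and its reverse zone are forwarded to 10.10.10.10, everything else goes to the Pi-hole, and the fragment is only written once the kernel actually has a route to the intranet DNS through the tunnel. Assumptions: the client runs dnsmasq on 127.0.0.1, the Pi-hole is at the placeholder address 192.168.1.2, the intranet DNS sits in a /24, and the tunnel interface is named tun*, tap* or utun*.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: dnsmasq runs on
# the client, the Pi-hole address is a placeholder, the tunnel interface is
# named tun*/tap*/utun*, and the intranet DNS lives in a /24.

# Emit a dnsmasq.d fragment: the intranet domain (and its reverse zone) goes
# to the company DNS, everything else goes to the Pi-hole.
company_dns_conf() {
    domain=$1 intranet_dns=$2 pihole=$3
    cat <<EOF
# Ignore /etc/resolv.conf; upstreams are defined here.
no-resolv
listen-address=127.0.0.1
# Intranet names and their reverse zone (assumed /24) go over the tunnel.
server=/${domain}/${intranet_dns}
rev-server=${intranet_dns%.*}.0/24,${intranet_dns}
# Everything else goes to the Pi-hole (blocking, logging).
server=${pihole}
EOF
}

# Return 0 when the route to the intranet DNS leaves via a tunnel interface.
# Takes the output of `ip route get <dns>` as an argument so it can also be
# checked offline against captured output.
dns_via_tunnel() {
    route_line=$1
    case "$route_line" in
        *" dev tun"*|*" dev tap"*|*" dev utun"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone usage (Linux): write the fragment only if the tunnel route exists.
if [ "${1:-}" = "--apply" ]; then
    intranet_dns=10.10.10.10
    route=$(ip route get "$intranet_dns" 2>/dev/null || true)
    if dns_via_tunnel "$route"; then
        company_dns_conf company.com "$intranet_dns" 192.168.1.2 \
            > /etc/dnsmasq.d/10-company.conf
        echo "wrote /etc/dnsmasq.d/10-company.conf; restart dnsmasq"
    else
        echo "no tunnel route to $intranet_dns; is the VPN up?" >&2
        exit 1
    fi
fi
```

Without the tunnel up, the fragment is not written, which is the same condition that made the Pi-hole-side `server=/company.com/...` entry fail: dnsmasq forwards to the address directly and has no way to hand the client a different server to retry against.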