Best Practice: DNS and VPN (with private network IPs) [closed]
Solution 1:
Solution 1 is the correct solution. If uses are connecting over VPN, all traffic including DNS should be running over the VPN. The VPN should be pushing one or more DNS server addresses.
You should not be providing either .local
or private IP addresses over the Internet. Solution 4 is broken, as would be solution 3.
If you have distributed offices, using VPN to interconnect them, then use a DNS server in each site. In this case you are likely to have DHCP running on each site, and it should be providing the DNS server addresses.
Most browsers will cache DNS names for a period of time. You can also install a name server caching daemon on Linux which will cache addresses.
If it is your sites that are pulling from so many hosts that load times are excessively slow, then you may want to look as simplifying your sites. Normally, a page would load from 1 to 3 sites, excluding add content. It is possible to proxy content through servers as well to limit the number of DNS lookups required.