Jeremy,

That seems viable. And fairly straightforward. I'll give it a try and let you know how it goes.

I've seen a fair bit of traffic around similar macports issues, but this is the first mention I've seen for this solution. Did I miss the recommendation? If so, is there something we could do to make this approach a bit more visible to others with the same problem?

Tim Hart

On Oct 23, 2013, at 4:17 PM, Jeremy Lavergne <[email protected]> wrote:

> You'd be using dnsmasq as a local cache, filtering with its bogus-nxdomain
> directive. If you make a query and it doesn't have the record cached, it'll
> ask the upstream (VPN's DNS).
>
> You'll want to look at the "bogus-nxdomain" directive. From the example
> config file:
> # If you want dnsmasq to detect attempts by Verisign to send queries
> # to unregistered .com and .net hosts to its sitefinder service and
> # have dnsmasq instead return the correct NXDOMAIN response, uncomment
> # this line. You can add similar lines to do the same for other
> # registries which have implemented wildcard A records.
> #bogus-nxdomain=64.94.110.11
>
> You'd also want at least these two lines:
> listen-address=127.0.0.1
> no-dhcp-interface=127.0.0.1
>
> Once installed, configured and started, you can point your system at the
> local DNS first. Under your network connection, set the DNS to 127.0.0.1
> first followed by whatever else the network provides. Depending on how your
> VPN operates (is it its own connection in the system preferences?) this might
> be perfect or it'll be too rigid and need changed when each connection uses a
> different DNS server.
>
> If it doesn't seem viable, another option is to use a firewall to block the
> search IP address that we would have configured in bogus-nxdomain.
>
> On Oct 23, 2013, at 5:08 PM, Timothy Hart wrote:
>
>> I appreciate the help. I'm not familiar with dnsmasq. I'm inferring that I
>> can set it up as my sole DNS source, and have it configured to behave as
>> expected? We've been given the IP addresses of a couple internal DNS servers
>> that behave appropriately, but our VPN DNS configuration continues to
>> misbehave. The tricky part is that we'd still need to use the VPN's DNS
>> server when we're connected off-site in order to resolve org specific names.
>
_______________________________________________
macports-users mailing list
[email protected]
https://lists.macosforge.org/mailman/listinfo/macports-users
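
Added example, not part of the original thread: one way to find the address to put in bogus-nxdomain is to look up random names that cannot exist and see which address the upstream resolver keeps returning. The function names, the probe count and the stand-in resolver with its documentation-range addresses are assumptions made for this sketch.

```python
import random
import socket
import string
from collections import Counter

def random_label(rng, length=20):
    """A label that is overwhelmingly unlikely to be registered."""
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(length))

def system_resolve(name):
    """Resolve via the OS resolver; [] when the lookup fails (e.g. NXDOMAIN)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def find_bogus_addresses(resolve=system_resolve, tlds=("com", "net"),
                         probes=4, seed=None):
    """Return addresses the resolver hands back for names that cannot exist.

    An honest resolver gives no answer for every probe. A rewriting resolver
    returns the same search-page address again and again, so only addresses
    seen for at least two different probe names are reported.
    """
    rng = random.Random(seed)
    seen = Counter()
    for tld in tlds:
        for _ in range(probes):
            name = f"{random_label(rng)}.{tld}"
            for addr in set(resolve(name)):
                seen[addr] += 1
    return sorted(a for a, n in seen.items() if n >= 2)

def dnsmasq_lines(addresses):
    """Render the result as the dnsmasq options quoted in the thread."""
    lines = ["listen-address=127.0.0.1", "no-dhcp-interface=127.0.0.1"]
    lines += [f"bogus-nxdomain={a}" for a in addresses]
    return lines

# Constructed stand-in for a misbehaving upstream, used for offline testing.
def fake_hijacking_resolver(name):
    known = {"www.example.com": ["192.0.2.10"]}
    return known.get(name, ["203.0.113.7"])

if __name__ == "__main__":
    # Run while the system still points at the upstream (VPN) DNS.
    print("\n".join(dnsmasq_lines(find_bogus_addresses())))
```

dnsmasq turns any reply containing a bogus-nxdomain address into NXDOMAIN, so confirm that a reported address is not also serving real hosts before adding it.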
