Unbound can use root hints,
and you can override nameservers learned from dhclient.
Check man dhclient for more info.

And set your resolv.conf nameservers to 127.0.0.1.

Peace out
On Thursday, 28 May 2020, James <ja...@jmp-e.com> wrote:

> Thanks. Your solution works but is not ideal for my situation. The
> reason it's not ideal is that one of the rdomains gets its nameserver
> from DHCP and I don't think unbound can read this information.
>
> For example, in the case of a captive portal or floating between APs I
> would like DNS to work on different LANs where outbound DNS queries are
> blocked.
> I'm trying to build an isolated network environment in which all traffic
> is routed over an interface with a custom DNS server and no network leaks.
>
> My solution so far is as follows:
>      ___________      ___________
>     |           |    |           |
>     | rdomain0  |    |  rdomain1 |
>     |   pair0   |----|    pair1  |
>     |    tun0   |    |    wlan0  |
>     |___________|    |___________|
>
>         with pf tagging and NAT'ing tun0 traffic behind wlan0.
>         rdomain0 DNS queries should be routed to a fixed address and
>         rdomain1 DNS queries should be sent to the nameserver as per
>         /etc/resolv.conf generated from dhclient.
>
> Linux's implementation of network namespaces allows for custom
> resolv.conf files per network namespace [1]. The problem I currently face
> is that only 1 rdomain can perform DNS queries at a time by modifying
> /etc/resolv.conf.
>
> Thanks,
>
>
>
> [1] https://www.man7.org/linux/man-pages/man8/ip-netns.8.html
>
> On Wed, May 27, 2020 at 11:35:11PM +0100, Tom Smyth wrote:
>
>> Howdy,
>>
>> you can use symbolic links from /etc/rc.d/nsd to /etc/rc.d/nsd1,
>> /etc/rc.d/nsd2, ... /etc/rc.d/nsdn, where 1, 2, ..., n are your
>> rdomains for your DNS servers (authoritative), or you can use unbound
>> instead of nsd if it is just a forwarding DNS server.
>>
>> then, for a DNS server for rdomain1:
>> rcctl enable nsd1
>> rcctl set nsd1 rtable 1
>>
>> repeat the procedure for each rdomain configured:
>> rcctl enable nsd2
>> rcctl set nsd2 rtable 2
>>
>> then go back to rdomain0
>> route -T0 exec ksh
>> and then run the following to start each of your daemons:
>>
>> rcctl start nsd1
>> rcctl start nsd2
>>
>> and so on and so forth...
>>
>> I used to have issues starting and stopping daemons if I was not in
>> the correct rdomain when running the rcctl command.
>> I saw a diff by ajacoutot a few months (or years) ago that might have
>> fixed rcctl starting daemons from a shell in a different
>> rdomain...
>> I just got into the habit of going to the correct rdomain of the
>> daemon, or rdomain0, before running the rcctl command to start, stop or
>> restart the daemon.
>>
>> Hope this helps,
>>
>> Tom Smyth
>>
>>
>> On Wed, 27 May 2020 at 23:24, James <ja...@jmp-e.com> wrote:
>>
>>>
>>> Hi all,
>>>
>>> How can I allow different rdomains to use separate DNS nameservers?
>>>
>>> Thanks
>>>
>>>
>>
>> --
>> Kindest regards,
>> Tom Smyth.
>>
>>

-- 
Kindest regards,
Tom Smyth.
