Stuart Henderson <[email protected]> [2021-07-20, 11:24 +0000]:

> On 2021-07-20, Timo Myyrä <[email protected]> wrote:
>
>> Hi,
>>
>> Just started testing the new dhcleased,resolvd stuff and noticed that
>> DNS resolution won't work correctly once I open my VPN connection. Name
>> resolution works for external domains but not for the internal domains
>> resolved by the internal DNS servers.
>>
>> I'm using openconnect to setup VPN tunnel and it runs the
>> /etc/vpnc-script to setup networking after initing the tunnel. This
>> script adds the nameserver entries into /etc/resolv.conf.
>> But these entries in /etc/resolv.conf are done below following line:
>> nameserver 127.0.0.1 # resolvd: unwind
>>
>> This means the unwind is handling the DNS query passing and it doesn't
>> seem to notice the DNS server entries given by openconnect.
>>
>> What would be a good method to get DNS resolution working after running
>> openconnect? I'd like to prepend the DNS servers from VPN connection so
>> they are queried first, then fallback to other servers.
>>
>> Timo
>>
>>
>
> Untested but I would use unwind and try something like
>
> forwarder <address>
> preference recursor oDoT-dhcp dhcp stub
> force forwarder {vpndomain.com}
>
> For the forwarder address you might be able to statically configure
> it, if not then you could modify vpnc-script to have it update the
> address in unwind.conf and reload it.

Thanks, this works somewhat:

forwarder { $ip1 $ip2 }
force accept bogus forwarder { $internal_domain1 }
force accept bogus forwarder { $internal_domain2 }
...

A bit cumbersome to list all internal domains, but there shouldn't be
that many of them in day-to-day use.
The DNS server IPs are pretty much static so manually adjusting the
unwind.conf is doable.

Timo
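
As an added example, not code from the thread or from the openconnect or
unwind projects, here is the "modify vpnc-script to update unwind.conf and
reload it" variant that Stuart mentions, written as a POSIX sh hook. It
assumes the environment variables openconnect passes to vpnc-script
(INTERNAL_IP4_DNS for the resolver IPs, CISCO_DEF_DOMAIN for the default
domain, CISCO_SPLIT_DNS for the comma-separated split-DNS domains); those
names, the UNWIND_CONF override and the sample values are assumptions here.
The generated config uses the forwarder/preference/force lines from the thread,
but puts all internal domains in one force block instead of one block per
domain, and runs unwind -n on the result before installing it so a typo in a
domain list cannot leave the resolver without a valid config.

```shell
#!/bin/sh
# Added example: regenerate unwind.conf from VPN-provided DNS settings.
# Assumed inputs (names as exported by openconnect to vpnc-script):
#   INTERNAL_IP4_DNS  space-separated resolver IPs
#   CISCO_DEF_DOMAIN  default search domain
#   CISCO_SPLIT_DNS   comma-separated split-DNS domains

# Print an unwind.conf that sends only the internal domains to the VPN
# resolvers; everything else keeps using the normal sources.
# $1: space-separated resolver IPs, $2: space-separated internal domains
gen_unwind_conf() {
    servers=$1
    domains=$2
    [ -n "$servers" ] || { echo "no VPN resolvers given" >&2; return 1; }
    [ -n "$domains" ] || { echo "no internal domains given" >&2; return 1; }
    printf 'forwarder { %s }\n' "$servers"
    # forwarder is deliberately absent from the preference list, so it is
    # only consulted for the forced domains below
    printf 'preference recursor oDoT-dhcp dhcp stub\n'
    # one block for all domains; "accept bogus" because the internal zones
    # will not validate under DNSSEC from outside the corporate tree
    printf 'force accept bogus forwarder { %s }\n' "$domains"
}

# Build the domain list: default domain plus split-DNS domains (comma
# separated), empty entries dropped, duplicates removed, order preserved.
vpn_domains() {
    def=$1
    split=$2
    printf '%s %s\n' "$def" "$(printf '%s' "$split" | tr ',' ' ')" |
        tr ' ' '\n' | grep -v '^$' | awk '!seen[$0]++' |
        tr '\n' ' ' | sed 's/ $//'
}

# Generate, syntax-check, install and reload. The existing config is only
# replaced if unwind -n accepts the new file.
apply_unwind_conf() {
    conf=${UNWIND_CONF:-/etc/unwind.conf}
    tmp=$(mktemp) || return 1
    gen_unwind_conf "$1" "$2" > "$tmp" &&
        unwind -n -f "$tmp" &&
        cp "$tmp" "$conf" &&
        rcctl reload unwind
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Hook entry point: vpnc-script would call this with "connect" after the
# tunnel is up (assumed invocation; adapt to your vpnc-script).
if [ "${1:-}" = "connect" ]; then
    apply_unwind_conf "${INTERNAL_IP4_DNS:-}" \
        "$(vpn_domains "${CISCO_DEF_DOMAIN:-}" "${CISCO_SPLIT_DNS:-}")"
fi
```

Run with `sh hook.sh connect` from the vpnc-script connect path; without an
argument it only defines the functions, so it can also be sourced and the
generated config inspected with `gen_unwind_conf "10.0.0.53" "corp.example"`
before anything is written to /etc.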
