I guess I need to try to work around my problem in some other way (like disabling systemd-resolved and using iptables to redirect my DNS requests). Thank you anyway.
On Sat, Mar 23, 2019 at 12:27 AM Mantas Mikulėnas <[email protected]> wrote:
>
> On Fri, Mar 22, 2019, 15:32 Lejia Chen <[email protected]> wrote:
>
>> Environment: Fedora 29, systemd version: 241. (My NetworkManager uses systemd-resolved as a DNS resolver.)
>>
>> I set up a VPN, and my VPN created a virtual interface (named tun0). I use iptables to mark some processes' packets and let these packets go through this virtual interface.
>>
>> I add a DNS server on this tun0 device, and want those marked processes to use this DNS server to resolve domains. Also I want other processes to use my default network interface's (named enp7s0) DNS server to resolve domains. The marked processes don't use the enp7s0 interface DNS, and other processes don't use the tun0 interface DNS.
>>
>> I have tried to configure my interface DNS settings many times, but I still can't solve my problem. systemd-resolved always sends DNS resolve requests to
>>
>
> There's the key part: *systemd-resolved* sends the DNS requests – not your processes themselves. So the iptables rules are never matched because the packets are generated by a different process with a different UID.
>
> There is no way for systemd-resolved to know what fwmark would have been applied to the original process; iptables rules are only known to iptables itself.
>
> (In fact, if you use the DNS emulation at 127.0.0.53, I'm not sure if systemd-resolved even knows which process sent the request...)
>
_______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
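The diagnosis in the thread (owner-based fwmark rules never see an application's DNS traffic when the application talks to the 127.0.0.53 stub, because the upstream query is sent by systemd-resolved from its own UID) can be checked mechanically. The script below is an added example, not code from the thread or from systemd: it parses constructed samples of `/etc/resolv.conf` and `iptables-save -t mangle` output, and the UIDs (1001 for the app, 193 for the systemd-resolve user) are placeholders.

```python
"""Check whether per-UID fwmark rules will ever see an app's upstream DNS packets."""
import re

# Constructed sample of /etc/resolv.conf on a host using the systemd-resolved stub.
RESOLV_CONF = """\
# This file is managed by man:systemd-resolved(8). Do not edit.
nameserver 127.0.0.53
options edns0
"""

# Constructed sample of `iptables-save -t mangle` with one owner-based mark rule.
IPTABLES_SAVE = """\
*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 1001 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
"""

STUB_LISTENER = "127.0.0.53"  # systemd-resolved's local stub address
APP_UID = 1001                # placeholder: UID of the process you want on tun0
RESOLVED_UID = 193            # placeholder: UID systemd-resolved runs as

_RULE = re.compile(r"-A OUTPUT .*--uid-owner (\d+) .*-j MARK --set-xmark (0x[0-9a-f]+)")


def nameservers(resolv_conf):
    """Addresses the libc resolver will actually send queries to."""
    return [line.split()[1] for line in resolv_conf.splitlines()
            if line.startswith("nameserver")]


def uid_mark_rules(save_text):
    """Map UID -> fwmark for mangle OUTPUT rules that mark by socket owner."""
    matches = (_RULE.search(line) for line in save_text.splitlines())
    return {int(m.group(1)): int(m.group(2), 16) for m in matches if m}


def upstream_dns_sender(resolv_conf, app_uid, resolved_uid):
    """UID that owns the socket carrying the app's query to the real DNS server."""
    # With the stub in resolv.conf, the app only talks to 127.0.0.53; the packet
    # that leaves the box toward tun0/enp7s0 is created by systemd-resolved.
    return resolved_uid if STUB_LISTENER in nameservers(resolv_conf) else app_uid


def upstream_mark(resolv_conf, save_text, app_uid, resolved_uid):
    """(sender UID, fwmark or None) for the app's upstream DNS packets."""
    sender = upstream_dns_sender(resolv_conf, app_uid, resolved_uid)
    return sender, uid_mark_rules(save_text).get(sender)


if __name__ == "__main__":
    print(upstream_mark(RESOLV_CONF, IPTABLES_SAVE, APP_UID, RESOLVED_UID))
```

With the stub in place the result is `(193, None)`: the mark rule for UID 1001 matched nothing, so policy routing based on it cannot steer the query to tun0.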
