On Fri, Nov 29, 2019 at 07:02:27AM +0100, Björn Ketelaars wrote:

> On Thu 28/11/2019 16:16, Otto Moerbeek wrote:
> > On Thu, Nov 28, 2019 at 03:26:34PM +0100, Otto Moerbeek wrote:
> > 
> > > Hi,
> > > 
> > > In many offices, split horizon DNS is used. This means that if you are
> > > in the office you are supposed to use a specific resolver that will
> > > hand out different results than when asking for the same name on the
> > > rest of the internet.
> > > 
> > > Until now unwind could not really handle that, e.g. in recursing mode,
> > > it would produce the view as from outside of the office. 
> > > 
> > > With this diff, it becomes possible to force using a specific resolver
> > > when resolving names in specific domains.
> > > 
> > > For example, with this unwind.conf:
> > > 
> > > # Office forwarder
> > > forwarder 1.2.3.4 
> > > force forwarder {
> > >   myoffice.com
> > >   dmz.colocation.com
> > > }
> > > 
> > > This will make unwind always use the mentioned forwarder for anything
> > > under office.com or dmz.colocation.com. If the forwarder is dead,
> > > regular resolving is done for these names and www.office.com will
> > > likely return the external address.
> > > 
> > > Often split-horizon DNS breaks DNSSEC for these specific domains. If
> > > that is the case, you can use
> > > 
> > > force acceptbogus forwarder { 
> > >   ... 
> > > }
> > > 
> > > please test this,
> > > 
> > >   -Otto
> > > 
> > > OAIndex: frontend.c
> > 
> > Don't know where that OA is coming from.  But it confuses patch, making
> > it skip first part of the diff. Proper diff below:
> 
> @Home I'm redirecting all DNS requests to a machine with unbound serving
> a couple of local-zones. unwind didn't work for me as these local-zones
> would not resolve because of DNSSEC. With your diff, and the config
> below unwind works perfectly.
> 
> forwarder 10.0.0.1
> force acceptbogus forwarder {
>       lan
> }
> 
> I experienced no regression while using the free wifi service of the
> Dutch railways, which is known to do strange things with DNS.

Thanks for testing. The Dutch railways have been a great inspiration
to unwind work, as florian@ can tell you :-)

        -Otto
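
A small model of the resolver selection described in the thread, added here as an illustration; it is not unwind's code and not part of the original messages. The function names, the whole-label suffix matching and the constructed sample config are assumptions of this sketch.

```python
import re

# Constructed sample in the syntax shown in the thread (not the full unwind.conf grammar).
SAMPLE_CONF = """\
# Office forwarder
forwarder 1.2.3.4
force forwarder {
  myoffice.com
  dmz.colocation.com
}
force acceptbogus forwarder {
  lan
}
"""

BLOCK_RE = re.compile(r"force\s+(acceptbogus\s+)?forwarder\s*\{([^}]*)\}")


def parse_force_blocks(conf):
    """Return {domain: acceptbogus} for every 'force ... forwarder { }' block."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments
    forced = {}
    for m in BLOCK_RE.finditer(text):
        for name in m.group(2).split():
            forced[name.lower().rstrip(".")] = bool(m.group(1))
    return forced


def forced_match(qname, forced):
    """Longest forced domain that qname falls under, or None.

    Matching on whole labels is an assumption: 'notmyoffice.com' must not
    match 'myoffice.com'.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in forced:
            return suffix
    return None


def decide(qname, forced, forwarder_alive=True):
    """'forwarder', 'regular', or 'regular-fallback' (forced name, dead forwarder)."""
    if forced_match(qname, forced) is None:
        return "regular"
    # Per the thread: a dead forwarder means regular resolving, i.e. the outside view.
    return "forwarder" if forwarder_alive else "regular-fallback"
```

The `regular-fallback` result is the case to watch for: a name that is meant to stay on the office forwarder is resolved the regular way instead, and domains listed under `acceptbogus` are the ones where DNSSEC failures from the forwarder are tolerated.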
