DNS servers not used for name resolution (question) #37
Comments
I think the rationale in the README explains it: https://github.com/dlenski/vpn-slice#introduction If you are okay with any/all lookups going through your VPN's internal DNS servers, then you may not want to use A “fancier” This “fancier” version would support something like a A well-thought out proposal and patches for how to implement this would be welcome. :)
Hmm… really? What apps, and what OS? I've used |
dlenski
added
the
fancy-split-DNS
|
I still see value on using I was thinking on having a simple flag added to The app I was testing was NoMAD, for Mac and, to be honest, after using this script for weeks, it's the only app didn't like |
Yeah. That's reasonable. Unfortunately, even just a We'd need to pull in some of the OS-specific DNS-handling code from the “standard” Want to take a crack at a pull-request to design, and implement it at least for macOS?
Ah, that's quite an interesting case 👌. As I understand it, Windows/AD have done name resolution in a whole bunch of ridiculous/confusing/inconsistent/proprietary/undocumented ways. I don't know anything about NoMAD, but I wouldn't be surprised if it implements its own name resolution to try to mimic the behavior of Windows here. |
|
Sure, will try to create a PR for this. Thanks! |
|
Love an idea to use vpn DNS only for specified domain |
|
Resurrecting this a bit. Would it be possible though to add a variable to use specified DNS server? I've set up unbound DNS server for split-horizon dns lookups and defined my zones there, but everytime i'm connecting with openconnect + vpn-slice I have to manually adjust DNSes (I mean not manually, i've set up locations on macos so it's quite fast switch) but it would be nice if there was an option like --use-dns=<> to provide a dns (possibly a list) to use when connecting. |
Patches welcome. 👍 They'd need to capture most of the complex, messy, platform-variant behavior of the DNS updates from |
|
If only I knew python .... ;) |
Python is a language with a low entrance hurdle. So the biggest issue to to find some motiviation to give it a try. You have that now. |
|
Well put, @mschilli87 … that's basically how this whole project started in the first place. 👍 👍 |
Actually, having lookups go through VPN DNS servers, but having all the outside traffic go via the ISP connection is a good workaround until fancy-split-DNS is implemented. But as I understand, there is no resolvconf support at the moment (or any other way of modifying resolv.conf), right? I'll think how to port #72 solution to linux.. The global idea is to propagate the INTERNAL_IP4_DNS value(s) together with the hand-crafted list of vpn domains (--domains-vpn-dns) to dnsmasq config, right? |
|
Ok, so the dnsmasq and resolvconf parts turned out to be pretty straightforward: resolv_conf=/etc/resolv.conf private_interfaces="tun0" $cat /etc/dnsmasq.conf at the moment this works with manual addition of dns[01].tun0 servers via a shell script: cat <<EOF | /usr/bin/resolvconf -a tun0 So what is left is the integration of this script into vpn-slice and the propagation of the internal domains list from --domains-vpn-dns to the search-list |
|
PR with the Linux support #78 |
Hello,
Is there any reason why the VPN Slice script wouldn't add the VPN DNS servers to the host for name resolution?
At the moment, the DNS servers are only added to the /etc/hosts file and used for resolving only the domains provided as parameters.
Although this generally works, I found some apps that ignore the /etc/hosts and fail when resolving internal DNS records. Modifying my resolv.conf fixes the issue but I would like to understand if this is something the script itself could do at start up time.
Thanks,
Jonathan
The text was updated successfully, but these errors were encountered: