Closed Greelan closed 4 years ago
Is https://github.com/systemd/systemd/issues/10081 related?
Possibly is, thanks for the reference. Of course, the routing-only domain setting under `update-systemd-resolved` is different to that example, but it seems the underlying behaviour is equivalent.
The thread you referenced does suggest a workaround for me, by specifying the reverse DNS domains associated with the local search domain in a `.network` config. Clunky, but should address the issue.
If it's the case that this is a behaviour of `systemd` itself, then I guess it is independent of the `update-systemd-resolved` script and so I will close this issue.
PS - ended up adding the reverse DNS domains to my `netplan` config, rather than `.network`, as a config created for the latter appears to be either/or with DHCP (i.e. you can't just add domains to those served by DHCP).
> you can't just add domains to those served by DHCP
You might be hitting https://github.com/systemd/systemd/issues/8174
Nah, that looks different. Thanks anyway.
Hi @jonathanio, thanks very much for your script. I've used it for some time and it addresses DNS leakage issues for me when using OpenVPN.
One behaviour though I have noticed is that using the `DOMAIN ROUTE .` option breaks local reverse DNS lookup. When I don't have OpenVPN running (and the script has not updated the DNS servers), I can happily do a reverse DNS lookup on local IPs. However, when the script does its work, local reverse DNS queries do not make it to the gateway (local DNS server) - they instead go over the OpenVPN tunnel and as a result return NXDOMAIN.
I realise the behaviour of `DOMAIN ROUTE .` is to ensure that all DNS queries not related to the DNS domain specifically associated with another interface, are routed to the default route interface. Local domain name lookups work fine, since my local domain is listed on the non-tunnel interface as the DNS domain. Is there some way of replicating that behaviour for reverse DNS lookups? That is, I want both DNS lookups on local domain names, and reverse DNS lookups on local IPs, to be directed to the local DNS server, rather than going down the tunnel.
Thanks!
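The workaround mentioned in the thread, listing the reverse DNS domains for the local network on the non-tunnel link, needs the `in-addr.arpa` zone names that cover the local subnet. The following is an added example, not part of the original thread or of the update-systemd-resolved project: it derives those zones from a CIDR and formats them as a systemd.network `Domains=` line. It assumes IPv4 only, uses the `~` routing-only prefix, and the function names and sample subnets are constructed for illustration.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the in-addr.arpa zones that together cover an IPv4 network."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("this example handles IPv4 only")
    # Reverse zones sit on octet boundaries: round the prefix up to the
    # next multiple of 8, clamped to the /8../24 range.
    aligned = max(8, min(24, -(-net.prefixlen // 8) * 8))
    if net.prefixlen > aligned:
        # Smaller than a /24: the enclosing /24 zone is the one to route.
        subnets = [net.supernet(new_prefix=aligned)]
    else:
        # e.g. a /12 is covered by sixteen /16 zones.
        subnets = list(net.subnets(new_prefix=aligned))
    zones = []
    for sub in subnets:
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def domains_line(cidrs, routing_only=True):
    """Build a Domains= line for the [Network] section of a .network file.

    With routing_only=True each zone gets the '~' prefix, so it steers
    queries to this link's DNS servers without becoming a search suffix.
    """
    prefix = "~" if routing_only else ""
    seen = []
    for cidr in cidrs:
        for zone in reverse_zones(cidr):
            if zone not in seen:  # overlapping subnets share a zone
                seen.append(zone)
    return "Domains=" + " ".join(prefix + z for z in seen)


if __name__ == "__main__":
    # Constructed sample: a home LAN and an address inside the same /24.
    print(domains_line(["192.168.1.0/24", "192.168.1.37/28"]))
    # A non-octet-aligned range expands to several zones.
    print(len(reverse_zones("172.16.0.0/12")), "zones for 172.16.0.0/12")
```

After applying the resulting line to the local link, `resolvectl status` shows which domains each link is routing, which is the quickest check that reverse lookups for local addresses no longer follow the tunnel.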