ziti-tunnel-sdk-c

Configure DNS routing domains when using systemd-resolved on Linux

Open · scareything opened this issue 5 months ago · 1 comment

ziti-edge-tunnel currently sets itself up as a DNS server with systemd-resolved, but it doesn't set the "routing domains" to the specific domains that are being intercepted. This means that:

  • systemd-resolved sends DNS queries for ziti domains to all DNS servers that are configured with systemd-resolved
    • corollary: if a ziti domain happens to be available in public DNS, systemd-resolved may choose the public DNS server's response over the one that ziti-edge-tunnel provides
  • systemd-resolved sends all DNS queries to ziti-edge-tunnel's DNS server, even though ziti-edge-tunnel probably won't have an answer
    • this can make a decent amount of busy work for ziti-edge-tunnel, which does all of its processing in a single thread

Setting the routing domains for the zitiN interface to the list of intercepted domains would solve these problems. This would also match the behavior that we see with the Desktop tunnelers.

scareything · Feb 15 '24 14:02

We could hard code that behavior in ZET and it would be useful. Still, if ZET provided a configuration hook or plug-in runner for this, then I can imagine how useful that would be for both:

  • configuring systemd-resolved's routing domains
  • configuring CoreDNS's forwarding namespaces

For example, if a domain name is added to or removed from ZET's list of intercepts, it could sort and execute each in /opt/openziti/etc/domain-hooks.d/ with a parameter scheme like {include_hook} [add|del] DOMAIN.

qrkourier · Feb 15 '24 14:02
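One way a hook of the kind proposed in the comment above could look, as an added example that is not part of ziti-edge-tunnel or this thread: a POSIX shell script that keeps the set of intercepted domains in a state file and publishes them to systemd-resolved as routing-only domains (the `~` prefix), so that queries for those names go only to the tunnel's DNS server and all other queries stop being sent to it. The interface name `ziti0`, the state-file path and the `RESOLVECTL` override are assumptions, not values from the issue.

```shell
#!/bin/sh
# Hypothetical hook for /opt/openziti/etc/domain-hooks.d/, invoked as "hook [add|del] DOMAIN".
# Keeps the intercepted domains in a state file and sets them as systemd-resolved
# routing domains on the tunnel link, which is what the issue asks ZET to do itself.
# Assumed (not from the issue): interface name, state file path, resolvectl path.
ZITI_IF="${ZITI_IF:-ziti0}"
STATE_FILE="${STATE_FILE:-/var/lib/openziti/intercept-domains}"
RESOLVECTL="${RESOLVECTL:-resolvectl}"

# Normalise a domain: lower-case, drop a leading dot and any trailing dot.
norm_domain() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/^\.//; s/\.$//'
}

# Add a domain to, or remove it from, the state file. Returns 1 on bad input.
update_state() {
    action="$1"; domain="$(norm_domain "$2")"
    [ -n "$domain" ] || return 1
    touch "$STATE_FILE"
    case "$action" in
        add) grep -qxF "$domain" "$STATE_FILE" || printf '%s\n' "$domain" >>"$STATE_FILE" ;;
        del) grep -vxF "$domain" "$STATE_FILE" >"$STATE_FILE.tmp" || :
             mv "$STATE_FILE.tmp" "$STATE_FILE" ;;
        *)   return 1 ;;
    esac
}

# Print the resolvectl arguments: "~domain" is a routing-only domain, i.e. it
# steers lookups to this link's DNS server without becoming a search domain.
routing_args() {
    [ -s "$STATE_FILE" ] || return 0
    sort -u "$STATE_FILE" | sed 's/^/~/' | tr '\n' ' ' | sed 's/ $//'
}

# Push the current list to systemd-resolved; an empty string clears the list.
apply_routing() {
    args="$(routing_args)"
    if [ -z "$args" ]; then
        "$RESOLVECTL" domain "$ZITI_IF" ''
    else
        # shellcheck disable=SC2086  # splitting into one argument per domain is intended
        "$RESOLVECTL" domain "$ZITI_IF" $args
    fi
}

main() {
    update_state "$1" "$2" || { echo "usage: $0 [add|del] DOMAIN" >&2; return 2; }
    apply_routing
}
# Run only when given the two hook arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then main "$@"; fi
```

With the routing domains set this way, `resolvectl status` should list them under the tunnel link and systemd-resolved will route only those names to it.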