On 15/04/2020 09:48, Florian Weimer wrote:

>>> Is this expected to work with the Red Hat VPN out of the box, or do we
>>> have to disable all this and use a custom configuration?  Has this been
>>> discussed with Infosec?  It looks like this will break their DNS
>>> sinkholing for domains such as REDHAT[.]CO (not COM).
>>
>> I think so long as the VPN interface has ~redhat.co in its search
>> list then queries for that domain will be forced to the servers for
>> that interface if that's what is required?
> 
> Does OpenVPN log the list of these domains somewhere?  Or do they have
> to be configured manually?

I think a lot will depend on exactly how it is set up. My OpenVPN
setups on Linux tend to use an up script to configure DNS things,
so my VPN to home just has an up script that does:

resolvectl dns $1 172.16.15.1 172.16.15.2 172.16.15.5
resolvectl domain $1 ~compton.nu ~15.16.172.in-addr.arpa ~d.b.0.0.0.b.8.0.1.0.0.2.ip6.arpa
resolvectl flush-caches

to set the DNS servers on the interface and force routing of
certain domains to it.

I'm not sure OpenVPN itself has any way to do DNS setup automatically
on Linux, but the NetworkManager integration might; I don't use that,
though.

Tom

-- 
Tom Hughes (t...@compton.nu)
http://compton.nu/
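
Added example (not part of the message above and not systemd code): a check that a given name would be routed to the VPN link, which is the property the sinkholing question depends on. The function names, the wlan0 line and the longest-suffix-match rule are assumptions; the rule is a simplified model of systemd-resolved's per-link routing.

```sh
#!/bin/sh
# Added example, not from the thread. Simplified model (assumption): the link
# holding the longest label-aligned suffix match for the name gets the query;
# "~." matches everything with length 0. Global domains are ignored.

# links_for_name NAME: read `resolvectl domain`-style text on stdin, print the
# interface(s) that would receive a query for NAME under that model.
links_for_name() {
    awk -v q="$1" '
    BEGIN { q = tolower(q); sub(/\.$/, "", q); best = -1 }
    /^Link [0-9]+ \(.*\):/ {
        ifname = $3; gsub(/[():]/, "", ifname)
        for (i = 4; i <= NF; i++) {
            # Strip the routing-only marker and any trailing dot.
            d = tolower($i); sub(/^~/, "", d); sub(/\.$/, "", d)
            n = length(d); lq = length(q)
            hit = (n == 0 || q == d || (lq > n && substr(q, lq - n) == ("." d)))
            if (!hit) continue
            # A longer match replaces all shorter ones seen so far.
            if (n > best) { best = n; out = ""; split("", seen) }
            if (n == best && !(ifname in seen)) { seen[ifname] = 1; out = out ifname "\n" }
        }
    }
    END { printf "%s", out }'
}

# Constructed sample: tun0 carries the domains from the up script above,
# wlan0 (hypothetical) is the catch-all link.
sample_domains() {
    cat <<'EOF'
Global:
Link 2 (wlan0): ~.
Link 5 (tun0): ~compton.nu ~15.16.172.in-addr.arpa ~d.b.0.0.0.b.8.0.1.0.0.2.ip6.arpa
EOF
}

sample_domains | links_for_name www.compton.nu
```

On a live system, pipe the real output in with `resolvectl domain | links_for_name NAME` and confirm the domain that must be sinkholed lands on the VPN interface rather than the catch-all link.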