On Wed, 20 Jun 2012, Kevin Fenzi wrote:
> Connect your vpn, etc.
>
> Then tell unbound what you want it to do:
>
>   unbound-control forward_add redhat.com x.x.x.x y.y.y.y
>   unbound-control forward_add yourdomain z.z.z.z
>
> (unbound-control gives you a lot of control, you can flush cache, set up
> forward, see its man page or help for all the options).
>
> I'm not sure how hard/possible it is for dnssec-trigger to get this
> info from the vpn/NM and just set it for you.

You need to do a little more, see /usr/lib/ipsec/_updown.netkey which
is where openswan handles this:

    updateresolvconf() {
        if [ -n "$PLUTO_CISCO_DNS_INFO" ]; then
            # unbound is running and the VPN pushed a domain:
            # forward that domain to the DNS servers pushed by the VPN
            if [ -n "`pidof unbound`" -a -n "$PLUTO_CISCO_DOMAIN_INFO" ]; then
                echo "updating local nameserver for $PLUTO_CISCO_DOMAIN_INFO with $PLUTO_CISCO_DNS_INFO"
                # DNS_INFO stays unquoted: it may hold several addresses
                /usr/sbin/unbound-control forward_add $PLUTO_CISCO_DOMAIN_INFO $PLUTO_CISCO_DNS_INFO
                /usr/sbin/unbound-control flush_zone $PLUTO_CISCO_DOMAIN_INFO
                return
            fi
        fi
    }

    restoreresolvconf() {
        if [ -n "$PLUTO_CISCO_DNS_INFO" ]; then
            if [ -n "`pidof unbound`" ]; then
                echo "flushing local nameserver of $PLUTO_CISCO_DOMAIN_INFO"
                # drop the forward, then flush answers cached from the VPN's servers
                /usr/sbin/unbound-control forward_remove $PLUTO_CISCO_DOMAIN_INFO
                /usr/sbin/unbound-control flush_zone $PLUTO_CISCO_DOMAIN_INFO
            fi
            return
        fi
    }

The flush_zone is needed so you can access the domain again using the
public view DNS.
Paul
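
Added example, not part of the original message and not openswan's code: the same connect/disconnect steps in POSIX sh, with the VPN-pushed domain and resolver addresses validated before they are handed to unbound-control. The function names and the UNBOUND_CONTROL override are hypothetical, and it assumes IPv4 resolver addresses only.

```shell
# Added example, not openswan's code. UNBOUND_CONTROL is a hypothetical
# override so the functions can be dry-run (e.g. UNBOUND_CONTROL=echo).
UNBOUND_CONTROL="${UNBOUND_CONTROL:-/usr/sbin/unbound-control}"

# Hostname characters only; no leading "-" (would parse as an option) or ".".
valid_domain() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Dotted-quad IPv4 only (assumption), each octet 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Forward the VPN domain to the VPN's resolvers, then flush cached answers.
vpn_dns_up() {
    domain=${1-}; [ "$#" -eq 0 ] || shift
    valid_domain "$domain" || { echo "rejecting domain: $domain" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no DNS servers given" >&2; return 1; }
    for server in "$@"; do
        valid_ipv4 "$server" || { echo "rejecting server: $server" >&2; return 1; }
    done
    $UNBOUND_CONTROL forward_add "$domain" "$@" &&
        $UNBOUND_CONTROL flush_zone "$domain"
}

# Remove the forward and flush so the public view is used after disconnect.
vpn_dns_down() {
    valid_domain "${1-}" || { echo "rejecting domain: ${1-}" >&2; return 1; }
    $UNBOUND_CONTROL forward_remove "$1" &&
        $UNBOUND_CONTROL flush_zone "$1"
}

# In the hook: vpn_dns_up "$PLUTO_CISCO_DOMAIN_INFO" $PLUTO_CISCO_DNS_INFO
#              vpn_dns_down "$PLUTO_CISCO_DOMAIN_INFO"
```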