Hello DNS experts, Hi Paul,

I am looking for the correct way to autoconfigure split DNS. By that, I mean something like what dnssec-trigger prepares when I connect to our enterprise VPN. It keeps most of the queries on the servers provided by the original connection. But for special internal domains, it redirects queries on the locally running unbound server to the addresses provided by the VPN connection. systemd-resolved and dnsmasq configured by Network Manager behave in a similar way.

I think they use DHCP option 119 [1], which was originally used for a different thing. It is already used and can be used as a hint. But its purpose is to search relative names. I found only an explicit configuration for IKEv2 [2], which provides the required information.

Am I missing a standard way to pass internal domains on VPN connections of different types? Is there any best practice or recommendation on how to configure it in general? Is it so uncommon to have a split horizon setup with an internal connection? I hope I just don't know the correct terminology, could you help with that?

Is there an alternative to DHCP option 119 which means a list of internal domains without additional search hints? Is there another way to configure it?

Thank you in advance.

Best regards,
Petr

1. https://tools.ietf.org/html/rfc3397
2. https://tools.ietf.org/html/rfc8598

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: [email protected]
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
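
Added example, not part of the original message and not code from dnssec-trigger or any project named in it: a decoder for the DHCP option 119 payload (RFC 3397, RFC 1035 name compression) that treats the advertised names as untrusted input and renders them as unbound `forward-zone` stanzas, which is the "search list used as a routing hint" behaviour the message describes. The sample payload (eng.example.com and marketing.example.com) and the resolver address 192.0.2.53 are constructed; rejecting the root name, so a DHCP server cannot claim all queries, is a policy assumption of this example.

```python
import re

LABEL_OK = re.compile(rb"[A-Za-z0-9_-]{1,63}")  # reject quotes, dots, newlines

def decode_option_119(data: bytes) -> list[str]:
    """Decode the concatenated RFC 3397 payload into absolute domain names."""
    names, pos = [], 0
    while pos < len(data):
        labels, cur, end, hops = [], pos, None, 0
        while True:
            if cur >= len(data):
                raise ValueError("truncated name")
            length = data[cur]
            if length & 0xC0 == 0xC0:  # RFC 1035 compression pointer
                if cur + 1 >= len(data):
                    raise ValueError("truncated pointer")
                target = ((length & 0x3F) << 8) | data[cur + 1]
                hops += 1
                if target >= cur or hops > 16:  # backwards only, bounded
                    raise ValueError("bad compression pointer")
                end = cur + 2 if end is None else end
                cur = target
            elif length & 0xC0:
                raise ValueError("reserved label type")
            elif length == 0:  # root label ends the name
                end = cur + 1 if end is None else end
                break
            else:
                label = data[cur + 1:cur + 1 + length]
                if len(label) != length or not LABEL_OK.fullmatch(label):
                    raise ValueError("invalid label")
                labels.append(label.decode("ascii").lower())
                cur += 1 + length
        if not labels:  # "." would forward every query to the VPN resolvers
            raise ValueError("root domain not accepted as a hint")
        names.append(".".join(labels) + ".")
        pos = end
    return names

def unbound_forward_zones(names, resolvers):  # one stanza per hinted domain
    lines = []
    for name in names:
        lines += ["forward-zone:", f'    name: "{name}"',
                  *(f"    forward-addr: {addr}" for addr in resolvers)]
    return "\n".join(lines)

SAMPLE = b"\x03eng\x07example\x03com\x00\x09marketing\xc0\x04"  # constructed

if __name__ == "__main__":
    print(unbound_forward_zones(decode_option_119(SAMPLE), ["192.0.2.53"]))
```

The decoder refuses forward or looping compression pointers and any label that could break out of the quoted `name:` value, since the option content comes from whatever DHCP server the client happens to reach.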
