Thanks. Your solution works but is not ideal for my situation. The
reason it's not ideal is that one of the rdomains gets its nameserver
from DHCP and I don't think unbound can read this information.

For example, in the case of a captive portal or floating between APs, I would like DNS to work on different LANs where outbound DNS queries are blocked.
I'm trying to build an isolated network environment in which all traffic
is routed over an interface with a custom DNS server and no network leaks.

My solution so far is as follows:
     ___________      ___________
    |           |    |           |
    | rdomain0  |    |  rdomain1 |
    |   pair0   |----|    pair1  |
    |    tun0   |    |    wlan0  |
    |___________|    |___________|

        with pf tagging and NAT'ing tun0 traffic behind wlan0.
        rdomain0 DNS queries should be routed to a fixed address and
        rdomain1 DNS queries should be sent to the nameserver as per
        /etc/resolv.conf generated from dhclient.

Linux's implementation of network namespaces allows for custom
resolv.conf files per network namespace [1]. The problem I currently face is that only 1 rdomain can perform DNS queries at a time by modifying /etc/resolv.conf.

Thanks,



[1] https://www.man7.org/linux/man-pages/man8/ip-netns.8.html

On Wed, May 27, 2020 at 11:35:11PM +0100, Tom Smyth wrote:
howdy,

you can use symbolic links from /etc/rc.d/nsd to /etc/rc.d/nsd1,
/etc/rc.d/nsd2 ... /etc/rc.d/nsdn, where 1, 2 ... n are your
rdomains for your dns servers (authoritative), or you can use unbound
instead of nsd if it is just a forwarding dns server

then, for a dns server for rdomain1, use
rcctl enable nsd1
rcctl set nsd1 rtable 1

repeat the procedure for each domain configured
rcctl enable nsd2
rcctl set nsd2 rtable 2

then go back to rdomain0
route -T0 exec ksh
and then run the following to start each of your daemons

rcctl start nsd1
rcctl start nsd2

and so on and so forth...

I used to have issues starting and stopping daemons if I was not in
the correct rdomain when running the rcctl command.
I saw a diff by ajacoutot a few months (or years) ago that might have
fixed rcctl starting daemons from a shell in a different
rdomain...
I just got into the habit of going to the correct rdomain of the
daemon, or rdomain0, before running the rcctl command to start, stop or
restart the daemon.

Hope this helps,

Tom Smyth


On Wed, 27 May 2020 at 23:24, James <ja...@jmp-e.com> wrote:

Hi all,

How can I allow different rdomains to use separate DNS nameservers?

Thanks



--
Kindest regards,
Tom Smyth.
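The per-rdomain procedure Tom describes (rc.d symlink, rcctl rtable, starting from rdomain 0), written up as a script by the editor; it is not code from the thread. It assumes unbound(8) as the forwarder instead of nsd, unbound's config directory /var/unbound/etc, and that the caller supplies the listen address, client network and upstream resolver for each rdomain.

```sh
#!/bin/sh
# Added example (not from the thread): one forwarding unbound(8) per rdomain,
# using the rc.d symlink + "rcctl set ... rtable" procedure described above.
# Assumptions: unbound as the forwarder, its config dir /var/unbound/etc,
# and that this is run as root on OpenBSD.
set -eu

UNBOUND_ETC=${UNBOUND_ETC:-/var/unbound/etc}
RCCTL=${RCCTL:-rcctl}

# Commands that register a second unbound instance bound to rtable N.
# The start goes through "route -T0 exec" so rcctl always runs from
# rdomain 0, the workaround mentioned in the thread.
plan_rdomain_dns() {
    n=$1
    cat <<EOF
ln -sf /etc/rc.d/unbound /etc/rc.d/unbound$n
$RCCTL enable unbound$n
$RCCTL set unbound$n rtable $n
$RCCTL set unbound$n flags -c $UNBOUND_ETC/unbound$n.conf
route -T0 exec $RCCTL start unbound$n
EOF
}

# Minimal forwarding config for rtable N: listen only on LISTEN (an address
# inside that rdomain), answer only CLIENTS, and send every query to
# FORWARDER, so this rdomain never depends on /etc/resolv.conf.
render_unbound_conf() {
    n=$1; listen=$2; clients=$3; forwarder=$4
    cat <<EOF
# unbound$n.conf: forwarder for rdomain $n
server:
    interface: $listen
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: $clients allow
forward-zone:
    name: "."
    forward-addr: $forwarder
EOF
}

# Write the config and execute the plan for one rdomain.
setup_rdomain_dns() {
    render_unbound_conf "$1" "$2" "$3" "$4" > "$UNBOUND_ETC/unbound$1.conf"
    plan_rdomain_dns "$1" | sh -e
}

# Usage: ./rdomain-dns.sh 1 10.1.0.1 10.1.0.0/24 192.0.2.53
if [ $# -ge 4 ]; then
    setup_rdomain_dns "$1" "$2" "$3" "$4"
fi
```

Repeat the call once per rdomain; for the rdomain that learns its resolver from dhclient, the forward-addr has to be refreshed whenever the lease changes, which this script does not do.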