On 2021-07-20, Timo Myyrä <timo.my...@bittivirhe.fi> wrote:
> Hi,
>
> Just started testing the new dhcpleased, resolvd stuff and noticed that
> DNS resolution won't work correctly once I open my VPN connection. Name
> resolution works for external domains but not for the internal domains
> resolved by the internal DNS servers.
>
> I'm using openconnect to set up the VPN tunnel and it runs the
> /etc/vpnc-script to set up networking after initing the tunnel. This
> script adds the nameserver entries into /etc/resolv.conf.
> But these entries in /etc/resolv.conf are done below the following line:
> nameserver 127.0.0.1 # resolvd: unwind
>
> This means the unwind is handling the DNS query passing and it doesn't
> seem to notice the DNS server entries given by openconnect.
>
> What would be a good method to get DNS resolution working after running
> openconnect? I'd like to prepend the DNS servers from VPN connection so
> they are queried first, then fallback to other servers.
>
> Timo
>
>
Untested but I would use unwind and try something like

forwarder <address>
preference recursor oDoT-dhcp dhcp stub
force forwarder {vpndomain.com}

For the forwarder address you might be able to statically configure it,
if not then you could modify vpnc-script to have it update the address
in unwind.conf and reload it.
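
One way to do the vpnc-script step suggested in the reply above, as an added example that is not part of the original thread, vpnc-script or unwind: it rewrites only the forwarder line and refuses anything that is not an IP literal, since the address comes from the VPN gateway. The helper names are hypothetical; it assumes vpnc-script's INTERNAL_IP4_DNS variable carries the pushed resolvers and that the config lives in /etc/unwind.conf.

```sh
#!/bin/sh
# Added example; valid_addr, update_forwarder and apply_vpn_dns are
# hypothetical helpers, not part of vpnc-script or unwind.

# Accept only IP literals, so a value pushed by the VPN gateway cannot
# smuggle extra tokens or newlines into unwind.conf.
valid_addr() {
	case $1 in
	'' | *[!0-9A-Fa-f.:]*) return 1 ;;
	*.*)	# IPv4: four decimal octets (IPv4-mapped IPv6 is rejected too)
		printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
		    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }' ;;
	*:*)	return 0 ;;	# IPv6: character-set check only (assumption)
	*)	return 1 ;;
	esac
}

# usage: update_forwarder <conf> <address>
update_forwarder() {
	conf=$1 addr=$2
	valid_addr "$addr" || { echo "rejecting DNS address: $addr" >&2; return 1; }
	tmp=$(mktemp "$conf.XXXXXX") || return 1
	# Replace the first forwarder line (dropping repeats), or append one.
	awk -v a="$addr" '
	    /^forwarder[ \t]/ { if (!done) print "forwarder " a; done = 1; next }
	    { print }
	    END { if (!done) print "forwarder " a }' "$conf" > "$tmp" &&
	    mv "$tmp" "$conf" || { rm -f "$tmp"; return 1; }
}

# Call from the connect path of vpnc-script. Assumption: INTERNAL_IP4_DNS
# is the space-separated resolver list from the gateway; the first is used.
apply_vpn_dns() {
	first=${INTERNAL_IP4_DNS%% *}
	[ -n "$first" ] || return 0
	update_forwarder /etc/unwind.conf "$first" &&
	    unwind -n -f /etc/unwind.conf &&	# config test before reloading
	    unwindctl reload
}
```

The rest of unwind.conf, including the force line for the VPN domain, is left untouched, and a failed config test leaves the running unwind on its previous configuration.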