Josh Grosse <j...@jggimi.net> wrote:
> On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
> > my computer is connected to a LAN, from which it obtains its
> > IP and also local-DNS-server IP via DHCP. The latter is then
> > inserted into /etc/resolv.conf by, I believe, resolvd. The
> > computer is furthermore connected via wireguard VPN to
> > another network with its own DNS server, serving the local
> > IPs there. The DNS server in my LAN, of course, does not
> > know the (non-public) IPs in the remote network. However, as
> > it comes 1st in /etc/resolv.conf, the nameserver that comes
> > next (I manually added it to the file) --- and which would
> > know the answer --- is never asked. I can stop resolvd and
> > use the DNS server within the VPN for all the traffic. But
> > I'd still prefer to have most of the work done by the local
> > DNS server, and only if it doesn't know I would ask the
> > server in the VPN. Is there anything simple I can do?
>
> Take a look at unwind(8) and unwind.conf(5).

Ok. Creating /etc/unwind.conf with

	forwarder {X.X.X.X}

where X.X.X.X is the IP address of the DNS server within the VPN,
and turning on unwind with

	;rcctl enable unwind
	;rcctl start unwind

does do something, in the sense that I get all the symbolic names
resolved. But can I tell what DNS server was asked for the
translation? --- so that I can check that it is the local nameserver
(as obtained from the local DHCP server) that gets queried first and
only when it does not know the answer, unwind asks VPN DNS server
(X.X.X.X above) for the answer?

Thanks.
Ruda