On Tue, 2020-09-29 at 09:18 -0700, John M. Harris Jr wrote:
> On Tuesday, September 29, 2020 5:13:48 AM MST Zbigniew Jędrzejewski-Szmek wrote:
> > On Mon, Sep 28, 2020 at 11:41:12PM -0700, John M. Harris Jr wrote:
> > 
> > > On Monday, September 28, 2020 9:39:17 AM MST Michael Catanzaro wrote:
> > > 
> > > > You can do this, but again, you need to use the command line. E.g.
> > > > 'resolvectl dns tun0 8.8.8.8'
> > > > 
> > > > We're actually no longer debating how systemd-resolved works; rather,
> > > > we're now debating how NetworkManager chooses to configure
> > > > systemd-resolved. systemd-resolved just does what it's told to do. It's
> > > > actually NetworkManager that decides to split DNS according to routing
> > > > by default as a matter of policy. It could do otherwise if it wanted
> > > > to, but I think this is a good default. Nothing stops you from changing
> > > > it though. :)
> > > 
> > > Michael,
> > > By what mechanism does NetworkManager "split DNS according to routing"? If
> > > it hasn't already made a request from both your cleartext and your VPN
> > > connection's DNS servers, it has no way of knowing what network should be
> > > used to get the right results. Routing and DNS are unrelated.
> > 
> > NetworkManager pushes DNS server configuration (and associated bits like
> > domain search and routing domains) over dbus to resolved. That way it
> > "[tells resolved how to] split DNS according to routing". Of course, after
> > the name has been resolved to an IP address, the packets to that IP address
> > are routed too. So there is "routing" in the sense of deciding which
> > interface is appropriate for a given DNS name and "routing" in the sense of
> > deciding which interface is appropriate for a given IP address.
> 
> It seems that the terminology is fairly confusing, considering it's right
> alongside actual routing configuration.. Okay, so "routing" means something
> wildly different than you'd think with systemd-resolved, got it.
> 
> In most cases, in order to get to a DNS server inside a VPN, your packets have
> to have a route which can reach the IP of that server for that interface,
> which is configured using NetworkManager (or a VPN config file, imported into
> NM). Anyone that understands basic networking will likely be confused by this
> terminology.
> 
> That aside, where in NetworkManager do these "routing domains" get specified?

In the connection itself (GUI or CLI), or they come from DHCP or SLAAC
or the VPN.

nmcli con mod rh-openvpn ipv4.dns-search "foobar.com"
nmcli con mod rh-openvpn ipv4.never-default true

combined with having a local caching DNS server (or resolved) enabled
will route queries for those search domains only to the VPN-provided
DNS servers.

There are corresponding GUI boxes for these in nm-connection-editor,
GNOME network settings, and KDE.

Dan


> -- 
> John M. Harris, Jr.
> 
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: 
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
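
As an added example (not part of the thread, and not code from NetworkManager or systemd): a small POSIX shell model of the per-link decision described in the reply above, useful for checking a `resolvectl domain` listing for names that would be answered outside the VPN. The sample listing, the interface names and the `pick_link` helper are constructed for illustration; the longest-suffix rule and the `~.` catch-all follow systemd-resolved's documented routing-domain behaviour in simplified form.

```sh
#!/bin/sh
# Constructed sample in the layout printed by `resolvectl domain`;
# link numbers and interface names are made up for illustration.
SAMPLE='Global:
Link 2 (wlp3s0): ~.
Link 7 (tun0): foobar.com'

# pick_link NAME [LISTING] (hypothetical helper)
# Prints the interface whose search/routing domain is the longest suffix
# of NAME. "~." (catch-all routing domain) has length 0, so it only wins
# when nothing more specific matches. Prints "none" if no link matches.
pick_link() {
    name=$(printf '%s' "${1%.}" | tr '[:upper:]' '[:lower:]')
    listing=${2:-$SAMPLE}
    best_if=none
    best_len=-1
    while IFS= read -r line; do
        case $line in
            "Link "*": "*) ;;          # only per-link lines that list domains
            *) continue ;;
        esac
        iface=${line#*\(}
        iface=${iface%%\)*}
        for d in ${line#*: }; do
            d=${d#\~}                  # "~" marks a routing-only domain
            d=${d%.}                   # "~." becomes the empty (root) suffix
            if [ -z "$d" ]; then
                len=0
            else
                case $name in
                    "$d"|*".$d") len=${#d} ;;   # whole-label suffix match
                    *) continue ;;
                esac
            fi
            if [ "$len" -gt "$best_len" ]; then
                best_len=$len
                best_if=$iface
            fi
        done
    done <<EOF
$listing
EOF
    printf '%s\n' "$best_if"
}

# Names that resolve via wlp3s0 here never reach the VPN's DNS servers.
for n in vpn.foobar.com www.example.org; do
    printf '%s -> %s\n' "$n" "$(pick_link "$n")"
done
```

On a live system, the second argument can be the output of `resolvectl domain` in place of the constructed sample.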