On Thu, Jan 23, 2020 at 10:16:14AM +0000, Samuel Harmer wrote:
> Dear List,
> 
> Thoroughly enjoying NetworkManager (NM)! Just one thing I could not find an
> obvious method to achieve so thought I would double-check.
> 
> I am trying to work out how to define (in NM settings) that an interface should
> be used for unqualified lookups. Specifically *unqualified*, I can't make
> use of search->fully-qualified as there are private web servers that expect
> the browser to be requesting an unqualified hostname. I can't alter this
> bizarre (imo) design choice.
> 
> With pure dnsmasq I can use `[--]server=//192.168.n.n` and
> `[--]server=/local/192.168.n.n` to specify a DNS server to send both
> unqualified and private domain lookups to.
> 
> With NM I can specify `nmcli [...] set ipv4.dns-search ~local` to have
> private zones looked up via NM's dnsmasq (assuming `dns=dnsmasq`), but I
> can't see a way to direct (all) unqualified lookups to the interface (or
> rather the DNS server(s) provided by the DHCP server on the interface).
> 
> The interface is not used as a default gateway, but I am guessing I could
> fiddle around with adding back in `~.` and (misusing) ipv4.dns-priority so
> all unqualified names go to a private DNS server(s) first, but this feels
> like a kludge and would (I guess) still result in the unqualified names
> being forwarded on to public DNS servers should one not exist in the
> private DNS servers.
> A less-kludgy inelegant alternative would be to `echo
> "servers-file=/etc/NetworkManager/unqualified.servers" >
> /etc/NetworkManager/dnsmasq.d/unqualified`, then use a dispatcher to
> populate unqualified.servers, followed by SIGHUP NetworkManager's dnsmasq
> instance.
> 
> Neither option feels right.
> 
> Is this a missing feature or have I missed something?

Hi, unlike dnsmasq, NM doesn't have a way to specify that unqualified
domains should be handled differently.

Usually, in such cases a search domain is used, which gets appended by
the resolver to the unqualified name and then it is also used as a
routing domain to direct the query to a specific interface.

Does your private resolver also reply to queries for qualified names
with a specific local domain? If so, you can add 'mydomain' to
'ipv4.dns-search', and then if you type 'webserver' in the browser the
resolver will query 'webserver.mydomain' through that interface.

If that doesn't work for you, the only workarounds I can think of are
the ones you already described.

Beniamino
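
The dispatcher workaround discussed in this thread, sketched as an added example (not part of either message and not NetworkManager's own code): it turns the DHCP-provided name servers into dnsmasq `server=//ADDR` lines and validates each value before it reaches a config file. The interface name `eth1`, the pid file path and the function names are assumptions; `IP4_NAMESERVERS` is the variable NetworkManager-dispatcher exports.

```shell
#!/bin/sh
# Added example: NetworkManager dispatcher script for the private interface.
set -f                                     # never glob DHCP-supplied values
PRIVATE_IFACE="${PRIVATE_IFACE:-eth1}"     # assumption: the private interface
SERVERS_FILE="${SERVERS_FILE:-/etc/NetworkManager/unqualified.servers}"
PIDFILE="${PIDFILE:-/run/NetworkManager/dnsmasq.pid}"  # assumption: pid file of NM's dnsmasq

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                              # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints one "server=//ADDR" line per valid address; dnsmasq applies the
# "//" form only to names without dots. Anything that is not a plain IPv4
# address is skipped, because the list is copied from DHCP into dnsmasq config.
unqualified_servers() {
    for ns in $1; do
        if is_ipv4 "$ns"; then printf 'server=//%s\n' "$ns"; fi
    done
}

# Writes the list atomically, then asks dnsmasq to re-read it (SIGHUP).
update_servers_file() {
    tmp="$SERVERS_FILE.$$"
    unqualified_servers "$1" > "$tmp" && mv "$tmp" "$SERVERS_FILE" || return 1
    if [ -r "$PIDFILE" ]; then kill -HUP "$(cat "$PIDFILE")"; fi
}

# Dispatcher entry point: $1 = interface, $2 = action.
if [ "${1:-}" = "$PRIVATE_IFACE" ]; then
    case "${2:-}" in
        up|dhcp4-change) update_servers_file "${IP4_NAMESERVERS:-}" ;;
        down)            update_servers_file "" ;;
    esac
fi
```

Emptying the file on `down` keeps unqualified names from being sent to a stale private server address after the link is gone.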

_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
