On Fri, Apr 18, 2008 at 04:17:48PM +1000, Amos Shapira wrote:
> On Fri, Apr 18, 2008 at 3:55 PM, Howard Lowndes <[EMAIL PROTECTED]> wrote:
> >
> >
> >  Amos Shapira wrote:
> >
> > > On Fri, Apr 18, 2008 at 3:06 PM, Howard Lowndes <[EMAIL PROTECTED]> wrote:
> > >
> > > >
> > > > > I did this and it was successful, both for internal and external
> > domains
> > > > >
> > > > (tks Amos for that suggestion), and here are the lines from
> > /etc/named.conf:
> > > >
> > >
> > > And how does it work when the VPN is NOT connected? Is it smart enough
> > > to figure out not to try 10.2.2.{1,41} when the VPN is down and go
> > > directly to the external DNS?
> > >
> >
> > Basically, yes.  It obviously won't resolve internal fqdns because they are
> > not reachable anyway, neither are the internal dns servers, but the resolver
> > still tries the localhost dns server first (as it is the first nameserver in
> > the /etc/resolv.conf file) to resolve an external address and the "forward
> > first" clause causes the localhost dns server to try the (now inaccessible)
> > forwarders just the once and then give up, and the resolver then goes on to
> > try the other dhcp supplied name servers. Thus there is a small delay in dns
> > resolution but I don't see it as a major problem.  I guess if you used the
> > "forward only" clause then it might knicker up.
> 
> I was hoping for something more along the lines of "when the VPN link
> goes down - reconfigure:
> 1. Remove the "search soho.lannet.com.au" line from resolv.conf
> 2. Reconfigure local DNS server to forget about the "zone
> soho.lannaet.com.au" part.

Why not have 2 resolv.conf files, something like resolv.conf.{a,b}, then
symlink to resolv.conf?

Attach a script on VPN up to symlink .a, and when the VPN is down to
symlink .b.

Alex
> 
> I'm sure it's doable. Will try to get to it over the weekend (need to
> be outside the office to test this).
> 
> Maybe it's less relevant to you because you still want to use the same
> name but get the "external view" when the VPN is disconnected, right?
> 
> Cheers,
> 
> --Amos
> -- 
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
> 

-- 
"It's unacceptable to think that there's any kind of comparison between the 
behavior of the United States of America and the action of Islamic extremists 
who kill innocent women and children to achieve an objective."

        - George W. Bush
09/15/2006
Washington, DC
White House Press Conference
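
The symlink swap suggested in the reply above, sketched as an added example that is not part of the original thread. It assumes resolv.conf.a is the VPN-up file (with the internal search line) and resolv.conf.b the VPN-down file (without it), and that the VPN client can run a hook script with "up" or "down" as its argument; the function name and the optional directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: switch resolv.conf between two prepared files by atomically
# replacing a symlink. Assumed layout (not from the thread): resolv.conf.a is
# used while the VPN is up, resolv.conf.b while it is down.

# switch_resolv STATE [DIR]   DIR defaults to /etc; override it for testing.
switch_resolv() {
    state=$1
    dir=${2:-/etc}
    case "$state" in
        up)   target=resolv.conf.a ;;
        down) target=resolv.conf.b ;;
        *)    echo "usage: switch_resolv up|down [dir]" >&2; return 2 ;;
    esac

    # Refuse to point resolv.conf at a missing or empty file; a dangling
    # link would leave the host with no resolver configuration at all.
    if [ ! -s "$dir/$target" ]; then
        echo "switch_resolv: $dir/$target missing or empty" >&2
        return 1
    fi

    # Nothing to do if the link already points at the right file.
    if [ "$(readlink "$dir/resolv.conf" 2>/dev/null)" = "$target" ]; then
        return 0
    fi

    # Create the new link under a temporary name, then rename it over the
    # old one. The rename is atomic, so no lookup sees resolv.conf missing.
    tmp="$dir/.resolv.conf.$$"
    ln -s "$target" "$tmp" || return 1
    if ! mv -f "$tmp" "$dir/resolv.conf"; then
        rm -f "$tmp"
        return 1
    fi
}

# When called with an argument (e.g. from the VPN client's up/down hook),
# act on it; with no arguments the file only defines the function.
if [ "$#" -gt 0 ]; then
    switch_resolv "$@"
fi
```

A DHCP client that rewrites /etc/resolv.conf in place would write through the symlink into whichever file is active, so it needs to be pointed at resolv.conf.b or told not to manage the file.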
