On 15/04/2020 09:48, Florian Weimer wrote:

>>> Is this expected to work with the Red Hat VPN out of the box, or do we
>>> have to disable all this and use a custom configuration? Has this been
>>> discussed with Infosec? It looks like this will break their DNS
>>> sinkholing for domains such as REDHAT[.]CO (not COM).
>>
>> I think so long as the VPN interface has ~redhat.co in its search
>> list then queries for that domain will be forced to the servers for
>> that interface if that's what is required?
>
> Does OpenVPN log the list of these domains somewhere? Or do they have
> to be configured manually?

I think a lot will depend on exactly how it is set up.

My OpenVPN setups on Linux tend to use an up script to configure
DNS things so my VPN to home just has an up script that does:

    resolvectl dns $1 172.16.15.1 172.16.15.2 172.16.15.5
    resolvectl domain $1 ~compton.nu ~15.16.172.in-addr.arpa ~d.b.0.0.0.b.8.0.1.0.0.2.ip6.arpa
    resolvectl flush-caches

To set the DNS servers on the interface and force routing of
certain domains to it.

I'm not sure OpenVPN itself has any way to do DNS setup automatically
on Linux but the NetworkManager integration might, I don't use that
though.

Tom

-- 
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
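Added example (not part of the message above and not OpenVPN or systemd code): a check to run after an up script like the one quoted, reporting which link a name would be routed to given the per-link routing domains, so a name that was meant to reach the VPN resolvers but falls through to the default resolver is caught. It is a simplified longest-suffix model of systemd-resolved's routing; the interface names, the sample `resolvectl domain` output and the function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `resolvectl domain`
# (interface names are assumptions). On a live system use instead:
#   RESOLVECTL_OUT=$(resolvectl domain)
SAMPLE='Global:
Link 2 (wlp2s0): lan
Link 5 (tun0): ~compton.nu ~15.16.172.in-addr.arpa ~d.b.0.0.0.b.8.0.1.0.0.2.ip6.arpa'

# link_for_name NAME: read `resolvectl domain` output on stdin and print the
# interface whose search or routing domain is the longest suffix of NAME.
# Prints "default" when no configured domain matches.
link_for_name() {
    awk -v name="$1" '
    # Match only on label boundaries: compton.nu must not match notcompton.nu.
    function is_suffix(n, d) {
        return n == d || (length(n) > length(d) && substr(n, length(n) - length(d)) == "." d)
    }
    BEGIN { name = tolower(name); sub(/\.$/, "", name); best = "default"; bestlen = -1 }
    /^Link [0-9]+ \(/ {
        link = $3; gsub(/[():]/, "", link)
        for (i = 4; i <= NF; i++) {
            d = tolower($i); sub(/^~/, "", d); sub(/\.$/, "", d)
            # An empty d came from "~.", the catch-all routing domain.
            if ((d == "" || is_suffix(name, d)) && length(d) > bestlen) {
                best = link; bestlen = length(d)
            }
        }
    }
    END { print best }'
}

# check_routed LINK NAME...: return non-zero if any NAME would not go to LINK.
check_routed() {
    want=$1; shift; rc=0
    for n in "$@"; do
        got=$(printf '%s\n' "${RESOLVECTL_OUT:-$SAMPLE}" | link_for_name "$n")
        [ "$got" = "$want" ] || { echo "NOT ROUTED: $n -> $got (expected $want)"; rc=1; }
    done
    return $rc
}

# With the sample above, redhat.co is not in the tun0 routing list, so it is reported.
check_routed tun0 host.compton.nu redhat.co || echo "routing domain list needs updating"
```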