Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

On Tuesday, September 29, 2020 1:01:23 AM MST Lennart Poettering wrote:
> On Mo, 28.09.20 23:37, John M. Harris Jr (johnmh@xxxxxxxxxxxxx) wrote:
> 
> 
> > > Configure "." as "routing domain" on a specific iface and the lookups
> > > will go there preferably. If you put that on your VPN iface this means
> > > DNS traffic goes there preferably. If you put that on the main iface
> > > this means DNS traffic goes there preferably.
> >
> >
> >
> > Is that a NetworkManager setting or a systemd-resolved setting? Is that
> > going to be exposed in the GUI, or is it something that gets hidden
> > away?
> 
> I am not an NM guy, but I think they expose this these days. I can
> tell you definitely though that this is easily accessible via
> "resolvectl domain <iface>" from the command line and from .network
> networkd configuration files.
> 
> 
> > How does systemd-resolved figure out what domains "should" be sent to a
> > given connection's DNS server without some arcane incantation from the
> > systemd docs?
> 
> As mentioned elsewhere:
> 
> 1) Search domains are implicitly routing domains: if an interface has
>    "redhat.com" as search domain we also use that as routing domain,
>    i.e. all *.redhat.com lookups will go to this interface and not to
>    others.
> 
> 2) If neither search domains nor routing domains are configured on any
>    interface for a domain, lookups are routed to all interfaces in
>    parallel, and the first positive and last negative answer is used.
> 
> i.e. focus is primarily on "let's make DNS work" and "let's make the
> best of the little information we traditionally have", and any
> further, more complex routing requires additional configuration in NM,
> networkd or directly with resolvectl commands.
> 
> Lennart

Lennart,

Search domains have absolutely nothing to do with routing. Search domains are 
specifically used for resolving non-FQDN to FQDN. This isn't a reliable way to 
see what domains are handled by a VPN, or by any DNS server.

The Red Hat VPN is a good example of this, as not every internal subdomain is 
in search domains. That's the case for many VPNs, corporate or personal.

-- 
John M. Harris, Jr.
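
An added illustration, not part of either message and not systemd-resolved's own code: a simplified Python model of the routing rules as stated in the quoted text (search domains double as routing domains, the longest matching suffix wins, unmatched names go to every interface), used to list which lookups reach a resolver outside the VPN. The interface names, host names and the `reaches_untrusted` helper are constructed for the example; the `~` prefix marks a routing-only domain.

```python
"""Simplified model of the per-interface DNS routing described in this thread."""

def _labels(name):
    return [p for p in name.lower().lstrip("~").split(".") if p]

def match_len(name, domain):
    """Labels of `domain` matched as a suffix of `name`; -1 if no match.
    The routing domain "~." has zero labels, so it matches every name with 0."""
    n, d = _labels(name), _labels(domain)
    if len(d) > len(n):
        return -1
    return len(d) if n[len(n) - len(d):] == d else -1

def route(name, links):
    """Interfaces that receive the lookup for `name`.
    links: {iface: [domains]}; a "~" prefix marks a routing-only domain,
    a plain entry is a search domain (which also acts as a routing domain)."""
    best, chosen = -1, []
    for iface, domains in links.items():
        score = max((match_len(name, d) for d in domains), default=-1)
        if score > best:
            best, chosen = score, [iface]
        elif score == best and score >= 0:
            chosen.append(iface)
    # No domain matched anywhere: the lookup goes to all interfaces in parallel.
    return sorted(chosen or links)

def reaches_untrusted(names, links, trusted):
    """Names whose lookup reaches at least one interface outside `trusted`."""
    return [n for n in names if set(route(n, links)) - set(trusted)]

# Constructed sample data (hypothetical interface and host names).
NAMES = ["wiki.corp.example.com", "build.lab.example.com", "www.example.org"]
SEARCH_ONLY = {"wlan0": [], "tun0": ["corp.example.com"]}
WITH_ROUTING = {"wlan0": [], "tun0": ["corp.example.com", "~lab.example.com"]}
CATCH_ALL = {"wlan0": [], "tun0": ["corp.example.com", "~."]}

if __name__ == "__main__":
    for label, links in [("search only", SEARCH_ONLY),
                         ("explicit routing domain", WITH_ROUTING),
                         ("catch-all ~.", CATCH_ALL)]:
        print(label, "->", reaches_untrusted(NAMES, links, trusted={"tun0"}))
```

With only the search domain configured, the internal name outside that search domain is sent to both interfaces; it stays on the VPN link only once a routing domain covering it, or the catch-all, is set on that link.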
