Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

On Mon, 2020-09-28 at 23:37 -0700, John M. Harris Jr wrote:
> On Monday, September 28, 2020 12:42:32 PM MST Lennart Poettering
> wrote:
> > On Mo, 28.09.20 12:14, Paul Wouters (paul@xxxxxxxxx) wrote:
> > 
> > 
> > > On Mon, 28 Sep 2020, Michael Catanzaro wrote:
> > > 
> > > 
> > > 
> > > > I don't think it would be smart for employees to voluntarily
> > > > opt-in to
> > > > sending all DNS to their employer anyway... there's little
> > > > benefit to
> > > > the employee, and a lot of downside.
> > > 
> > > 
> > > Again, it is not up to systemd to limit valid use cases.
> > > 
> > > 
> > > 
> > > Perhaps listen to or read Paul Vixie, father of many BIND
> > > software
> > > releases:
> > > 
> > > https://www.youtube.com/watch?v=ZxTdEEuyxHU
> > > 
> > > 
> > > 
> > > https://www.theregister.com/2018/10/23/paul_vixie_slaps_doh_as_dns_privacy_feature_becomes_a_standard/
> > > 
> > > There are use cases for and against routing all DNS over your
> > > VPN. If
> > > systemd wants to play system resolver, it needs to be able to be
> > > configured for either use case. You don't get to limit our use
> > > cases.
> > 
> > Configure "." as "routing domain" on a specific iface and the
> > lookups
> > will go there preferably. If you put that on your VPN iface this
> > means
> > DNS traffic goes there preferably. If you put that on the main
> > iface this
> > means DNS traffic goes there preferably.
> > 
> > Ideally you'd use more fine grained routing domains however.
> > 
> > Lennart
> 
> Lennart,
> 
> Is that a NetworkManager setting or a systemd-resolved setting? Is
> that going 
> to be exposed in the GUI, or is it something that gets hidden away?

NM gets "routing domains" for a given connection (eg, network
interface) from a couple different sources:

1) DHCP
2) SLAAC RDNSS
3) VPN
4) manually configured in the connection info, eg:

nmcli con mod rh-openvpn ipv4.dns-search "foobar.com"

It passes this information on to resolved or its own local caching DNS
configuration which uses dnsmasq, which both use it for directing
lookups for those domains to the DNS servers detected/configured for
that interface.

Dan

> How does systemd-resolved figure out what domains "should" be sent to
> a given 
> connection's DNS server without some arcane incantation from the
> systemd docs?
> 
> -- 
> John M. Harris, Jr.
> 
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: 
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
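
The routing decision discussed in this thread, as an added example (not code from the thread, systemd or NetworkManager): a simplified model of how per-link search and routing-only ("~") domains decide which interface's DNS servers see a lookup. It follows the behaviour documented for systemd-resolved (most-specific matching domain wins, unmatched names go to default-route links) and assumes no global DNS servers, fallback servers or LLMNR/mDNS; the link names wlan0/tun0 and home.example are constructed, foobar.com is the domain from the nmcli line above.

```python
"""Simplified model of per-link DNS routing by domain suffix (added example)."""

def labels(name):
    """Split a DNS name into lowercase labels; the root "." gives []."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def match_len(domain, qname):
    """Label count of `domain` if qname equals it or lies below it, else -1."""
    d, q = labels(domain.lstrip("~")), labels(qname)
    if len(d) <= len(q) and q[len(q) - len(d):] == d:
        return len(d)
    return -1

def is_default(cfg):
    """Explicit default_route wins; automatic mode is a default route
    unless the link has routing-only ("~") domains configured."""
    if cfg.get("default_route") is not None:
        return cfg["default_route"]
    return not any(d.startswith("~") for d in cfg["domains"])

def route(links, qname):
    """Return the sorted link names whose DNS servers receive the lookup.

    links: {link_name: {"domains": [...], "default_route": bool or None}}
    A "~" prefix marks a routing-only domain; "~." matches every name.
    """
    best, chosen = -1, []
    for link, cfg in links.items():
        score = max((match_len(d, qname) for d in cfg["domains"]), default=-1)
        if score > best:
            best, chosen = score, [link]      # more specific match wins
        elif score == best and score >= 0:
            chosen.append(link)               # equally specific: both links
    if best >= 0:
        return sorted(chosen)
    # No domain matched on any link: use the default-route links.
    return sorted(l for l, cfg in links.items() if is_default(cfg))

# Constructed sample configurations (not taken from a real system).
SEARCH = {"wlan0": {"domains": ["home.example"]}, "tun0": {"domains": ["foobar.com"]}}
SPLIT = {"wlan0": {"domains": ["home.example"]}, "tun0": {"domains": ["~foobar.com"]}}
FULL = {"wlan0": {"domains": ["home.example"]}, "tun0": {"domains": ["~."]}}

if __name__ == "__main__":
    for label, cfg in (("search", SEARCH), ("split", SPLIT), ("full", FULL)):
        for q in ("intranet.foobar.com", "www.example.org", "printer.home.example"):
            print(f"{label:6} {q:22} -> {route(cfg, q)}")
```

In the "search" case an unrelated name is sent to both links, which is the situation to check for when auditing what a VPN's DNS server can observe.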