Can not reslove DNS per interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Environment: Fedora 29, Systemd version: 241. (My NetworkManager use systemd-resolved as a DNS resolver)

I setup a VPN, and my VPN created a virtual interface (named tun0). I use iptables to mark some processes packets and let these packets go through this virtual interface.

I add a DNS in this tun0 device, and want those marked processes to use this DNS to resolve domain. Also I want other processes to use my default network interface's (name enp7s0) DNS to resolve domain. The marked processes don't use enp7s0 interface DNS, and other process don't use tun0 interface DNS.

I try to configure my interface DNS settings many times, but I still can't solve my problem. systemd-resolved always sends DNS resolve requests to each of my interface's DNS (my tun0 DNS and my default network device DNS) in parallel. I checked this PR (https://github.com/systemd/systemd/pull/11050) and upgrade my systemd to 241 and try to use default route settings, but I still failed.

My current resolvectl status:
Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
Fallback DNS Servers: 8.8.8.8
                      ...
          DNSSEC NTA: 10.in-addr.arpa
                      ...

Link 13 (tun0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 9.9.9.9
         DNS Servers: 9.9.9.9
          DNS Domain: ~.

Link 7 (enp7s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 1.1.1.1
         DNS Servers: 1.1.1.1
          DNS Domain: ~.

I also try to remove all DNS domain and set default route settings yes per interface, but I still failed.

The command I use to mark some processes for my tun0 interface:
# iptables -A OUTPUT -t mangle -m owner --gid-owner 1001 -j MARK --set-mark 1
# ip rule add fwmark 1 table 100
# ip route add table 100 default dev tun0
# iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE

Is any way to let my marked processes's DNS resolve requests only go through my tun0 interface DNS, and others go through enp7s0 interface DNS? Thank you in advance.
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux