On Fri, Mar 22, 2019, 15:32 Lejia Chen <monsoon.cl@xxxxxxxxx> wrote:
Environment: Fedora 29, Systemd version: 241. (My NetworkManager use systemd-resolved as a DNS resolver)I setup a VPN, and my VPN created a virtual interface (named tun0). I use iptables to mark some processes packets and let these packets go through this virtual interface.I add a DNS in this tun0 device, and want those marked processes to use this DNS to resolve domain. Also I want other processes to use my default network interface's (name enp7s0) DNS to resolve domain. The marked processes don't use enp7s0 interface DNS, and other process don't use tun0 interface DNS.I try to configure my interface DNS settings many times, but I still can't solve my problem. systemd-resolved always sends DNS resolve requests to
There's the key part: systemd-resolved sends the DNS requests – not your processes themselves. So the iptables rules are never matched because the packets are generated by a different process with a different UID.
There is no way for systemd-resolved to know what fwmark would have been applied to the original process, iptables rules are only known to iptables itself.
(in fact, if you use the DNS emulation at 127.0.0.53, I'm not sure if systemd-resolved even knows which process sent the request.. )
_______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
