Can one configure name resolution to use cascading nameservers?

0

I'm specifically on Linux (Mint, an Ubuntu derivative running the systemd resolver, but dnsmasq is also readily available) and have the following puzzling scenario:

My PC sits on a LAN and has its IP and nameservers configured through DHCP. The DHCP server in turn (on this particular LAN) is also a DNS (running the Knot resolver) and configures clients with only one DNS, itself (which happens to be on 192.168.0.1).

This local DNS is also the LAN gateway as it happens, performing NAT as needed, but most importantly the Knot resolver is helpfully aware of all the LAN devices by name, and so it will resolve any name that lacks a TLD (top level domain) or that has a TLD of .lan to the LAN node with that name (typically another device on the 192.168.0 subnet). For all others it uses the DNSs that its DHCP server configured for it (that of my ISP), which provide global name resolution.

It all works a dream. Until I connect to a VPN. What happens then is the vpn client (and it doesn't matter which, I have used vpnc, the Cisco client and fortigate client and they all do the same) reconfigures the nameservers.

This is as it should be, in most use cases, and ideal. I'm now on the VPN and the VPN nameservers provide the self same utility that my Knot resolver does on my local LAN, namely they resolve all the local LAN names as best they can and then defer to their upstream DNS for global resolution. Now that I'm on VPN I have VPN name resolution. Wonderful.

But, as my Knot resolver is no longer consulted my local LAN names no longer resolve. So suddenly printing fails me, access to my NAS fails me etc.

I can see how this is changing in /etc/resolv.conf. The VPN client changes it, and when it closes the link reverts it.

In my case the VPN is on the 192.169.1 subnet and it configures me two nameservers, 192.168.1.11 and 192.168.1.12. All good and well.

But can I do something after the VPN client connects to configure my PC to resolve names in a cascade, that is with this particular example:

Try 192.168.1.11 and if it fails to resolve a name try 192.168.1.12, and if that fails to resolve the name try 192.168.0.1.

I'm having real trouble from docs and on-line searches nailing an answer to this. I'd be happy if the systemd resolver or dnsmasq can be configured to do that, or some other installable resolver for that matter.

It would seem a fairly vanilla demand? To be able to resolve names through a cascading list of nameservers. Which leads me to suspect there is some vanilla solution, that I've simply been blind to and not found in my readings.

Bernd Wechner

Posted 2019-11-28T05:43:54.620

Reputation: 141

dnsmasq may fit your needs. Note that the DNS does not work by default as the case you need (try X fallback to Y fallback to Z etc.) except if no reply whatsoever, but a negative reply is considered a reply and a normal resolver will stop here. So this is not a vanilla demand from the DNS world, even if indeed the problem arises often with VPNs. You won't have a problem if you register a domain name to be used as suffix of all your internal hosts then the normal resolution will be enough and works globally and publicly. – Patrick Mevzek – 2019-11-29T15:29:59.930

I am curious dnsmasq can be configured to do this of course (try X fallback to Y fallback to Z etc.) but haven't found a way. I find dnsmasq is often introduced as easy to configure yet anyone looking at /etc/dnsmasq.conf will be overwhelmed with the sheer number of options and jargon to master before trying to solve a problem like this alas. – Bernd Wechner – 2019-12-01T01:14:07.083
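As an added example (my own configuration, not the poster's or either commenter's), here is the suffix-based forwarding that dnsmasq supports in place of the try-X-then-Y chain: it assumes dnsmasq is installed on the PC, that /etc/resolv.conf is kept at `nameserver 127.0.0.1` with `search lan` so the VPN client's rewrite does not bypass it, and that the addresses from the question (192.168.0.1 for the LAN Knot resolver, 192.168.1.11/.12 for the VPN) are still current.

```conf
# /etc/dnsmasq.d/split-lan.conf (added example, not from the post above).
# Assumes dnsmasq listens on 127.0.0.1 and resolv.conf points at it.

# Do not take upstream servers from /etc/resolv.conf (the VPN client
# rewrites that file); list them explicitly below instead.
no-resolv
listen-address=127.0.0.1
bind-interfaces

# Everything under .lan goes only to the LAN resolver (Knot on the gateway),
# so the printer and NAS keep resolving while the VPN is up. Unqualified
# names are completed to name.lan by the "search lan" line in resolv.conf.
server=/lan/192.168.0.1
# The reverse zone for 192.168.0.0/24 belongs to the same resolver.
server=/0.168.192.in-addr.arpa/192.168.0.1

# All other names go to the VPN nameservers, tried in the order listed
# rather than round-robin.
strict-order
server=192.168.1.11
server=192.168.1.12

# Caveat, as the first comment notes: the second VPN server is consulted
# only when the first does not answer at all. An NXDOMAIN reply is a final
# answer and is passed back to the client, so this is routing by suffix,
# not a fallback chain across servers that each return "no such name".
```

Because LAN names never reach the VPN servers and VPN names never reach the LAN resolver, each side sees only the queries that belong to it, which also limits how much of one network's host naming leaks to the other.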

No answers