Why/how is OpenVPN tinkering with my BIND9 configuration?

I have a DNS server that lacks forwarders. Its only aim is to resolve machines on my internal domain. As such, dig/ping somevaliddomain.com returns nothing. This is the behavior I want.

When I start up OpenVPN on the server (successfully via IP, rather than domain) and run the same dig/ping queries, my BIND9 server is automagically returning records/responses. What is OpenVPN tinkering with and how can I stop it?

My OpenVPN configuration follows:

client
dev tun
proto udp
remote [removed the IP address] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca [removed the certification file]
tls-client
remote-cert-tls server
auth-user-pass password.txt # I realize this is bad practice.
comp-lzo
verb 1
reneg-sec 0

AGormlessFool

Posted 2013-08-10T20:40:23.373

Without forwarders and without root hints? – user1686 – 2013-08-10T21:19:00.037

...annnnd, I'm an idiot. I would have noticed this immediately but I had also been tinkering with iptables, so it seemed as though the external resolution only occurred when OpenVPN was up. Thanks for jostling my brain. – AGormlessFool – 2013-08-10T23:02:45.140

No answers
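As an added example (not from the original post or either commenter), here is a BIND9 named.conf.options fragment that gives the behaviour the question asks for: the server answers only for the zones it is authoritative for and never resolves public names, regardless of what the VPN or iptables are doing. The commenter's point is that "no forwarders" alone is not enough, because BIND still recurses via root hints; disabling recursion is what actually stops external lookups. The internal domain, file paths and address ranges below are assumed placeholders.

```conf
options {
    directory "/var/cache/bind";

    // No "forwarders" statement: the server never asks an upstream resolver.
    // That alone does NOT stop external resolution, because BIND ships with
    // built-in root hints and will happily walk the public DNS tree itself.

    // This is the setting that matters: with recursion off, BIND only answers
    // from its own authoritative zones and refuses to chase anything else.
    recursion no;

    // Restrict who may query at all (assumed internal range; adjust to yours).
    allow-query { 127.0.0.1; 10.0.0.0/8; };
    listen-on   { 127.0.0.1; 10.0.0.1; };
};

// Do not configure a root hints zone either; a line like the following would
// re-enable upward referrals / recursion if recursion were ever turned back on:
// zone "." { type hint; file "/usr/share/dns/root.hints"; };

// The only thing this server exists for: the internal domain (assumed name).
zone "internal.example" {
    type master;
    file "/etc/bind/db.internal.example";
};
```

After `rndc reload`, `dig @127.0.0.1 internal-host.internal.example` should still answer, while `dig @127.0.0.1 somevaliddomain.com` should come back with no answer section whether or not the OpenVPN tunnel is up.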