tinc vpn interface specific dns under Linux

Guus Sliepen guus at tinc-vpn.org
Sun May 22 14:51:55 CEST 2011


On Sun, May 22, 2011 at 12:29:59AM -0500, Rob Townley wrote:

> Windows allows one to specify a DNS domain name and DNS server for a
> particular interface.
> So all DNS queries of your tinc interface are sent to a particular DNS server.
> For instance, Windows tinc clients can use a particular DNS server on a
> private LAN available only to clients inside that NAT or tinc clients.
> 
> NetworkManager allows you to specify the same, but the tinc interface
> does not show up in NetworkManager.

I think NetworkManager ignores any interface that doesn't look like regular or
wireless Ethernet. You should read the NM documentation to find out if there is
a way to get it to work with the VPN interface, or ask on their IRC channel
or mailing list.

> /usr/share/doc/initscripts*/sysconfig.txt
> shows that ifcfg-ethX files allow you to specify particular DNS
> servers for that interface
> (sorta anyway because the docs say it just gets added to /etc/resolv.conf).
> So adding DNS1=<ip of my DNS server available over tinc net> to
> /etc/sysconfig/network-scripts/ifcfg-eth0
> may get me somewhere toward this goal.
> But how can one add DNS1 to the tinc interface instance or at least
> /dev/net/tun?
> Can I just create a /etc/sysconfig/network-scripts/ifcfg-tincvpn file
> and put the DNS entries in there?
> Is there something I can do with tinc-up to set DNS for the tinc interface?

I guess you can write a /etc/sysconfig/network-scripts/ifcfg-$INTERFACE file
from tinc-up, and then you probably have to run an rc script or poke some
daemon to read that file.

You are probably using RedHat or CentOS? On Debian, you can install the
resolvconf package, and call the resolvconf binary from the tinc-up and
tinc-down scripts to automatically update /etc/resolv.conf.

> I thought for sure /etc/networks would be the solution, but 'man
> networks' says that only class A, B, C networks are supported. CIDR
> notation is not.

The /etc/networks file is only there to make the output of "route" pretty; it has
nothing to do with DNS.

Instead of modifying /etc/resolv.conf (either manually or through sysconfig or
resolvconf), you can also install your own recursive DNS server, like unbound.
You are then independent of the DNS servers of your provider. Also, if you have
a private DNS server that has some zones specific to your VPN, then you can
tell your local DNS server to forward any queries for that domain to the
private DNS server. That way normal hostnames will resolve whether or not you
are connected to the VPN, and VPN hostnames only when you are connected.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
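A tinc-up/tinc-down helper implementing the two routes described in the reply above (Debian's resolvconf, or a local unbound that forwards only the VPN zone to the private server), as an added example that is not part of this thread or of tinc itself. The server address 10.0.0.53, the zone vpn.example, and dispatching on the script's own name are assumptions; tinc does export $INTERFACE to both scripts.

```shell
#!/bin/sh
# Added example, not code from tinc or from this thread.  Install as
# /etc/tinc/<netname>/tinc-up and symlink it as tinc-down in the same
# directory; tinc exports $INTERFACE to both.  Values below are constructed.
VPN_DNS_SERVER="${VPN_DNS_SERVER:-10.0.0.53}"    # constructed: resolver reachable over the VPN
VPN_DNS_DOMAIN="${VPN_DNS_DOMAIN:-vpn.example}"  # constructed: zone served only inside the VPN

# Accept only a dotted quad: the value is written into /etc/resolv.conf as
# root, so a stray newline or "nameserver" in a bad variable must not pass.
valid_ipv4() {
    case "$1" in *[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# The per-interface record resolvconf expects on stdin.
resolvconf_stanza() {
    printf 'search %s\nnameserver %s\n' "$1" "$2"
}

vpn_dns_up() {
    valid_ipv4 "$VPN_DNS_SERVER" || { echo "tinc-up: bad VPN_DNS_SERVER" >&2; return 1; }
    if command -v resolvconf >/dev/null 2>&1; then
        # Debian resolvconf merges this record into /etc/resolv.conf; the
        # matching -d in tinc-down removes it again.
        resolvconf_stanza "$VPN_DNS_DOMAIN" "$VPN_DNS_SERVER" | resolvconf -a "$INTERFACE"
    elif command -v unbound-control >/dev/null 2>&1; then
        # Local unbound (needs control-enable: yes): forward only the VPN zone,
        # so public names keep resolving whether or not the VPN is up.
        unbound-control forward_add "$VPN_DNS_DOMAIN" "$VPN_DNS_SERVER"
    else
        echo "tinc-up: neither resolvconf nor unbound-control found" >&2; return 1
    fi
}

vpn_dns_down() {
    if command -v resolvconf >/dev/null 2>&1; then
        resolvconf -d "$INTERFACE"
    elif command -v unbound-control >/dev/null 2>&1; then
        unbound-control forward_remove "$VPN_DNS_DOMAIN"
    fi
}

# Dispatch on the name tinc invoked us by; sourcing the file runs nothing.
case "${0##*/}" in
    tinc-up)   vpn_dns_up ;;
    tinc-down) vpn_dns_down ;;
esac
```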