jonathanio/update-systemd-resolved

Reverse DNS lookup not working on local IPs

Greelan opened this issue · 5 comments

Hi @jonathanio , thanks very much for your script. I've used it for some time and it addresses DNS leakage issues for me when using OpenVPN.

One behaviour I have noticed, though, is that using the DOMAIN ROUTE . option breaks local reverse DNS lookup. When I don't have OpenVPN running (and the script has not updated the DNS servers), I can happily do a reverse DNS lookup on local IPs. However, when the script does its work, local reverse DNS queries do not make it to the gateway (local DNS server) - they instead go over the OpenVPN tunnel and as a result return NXDOMAIN.

I realise the behaviour of DOMAIN ROUTE . is to ensure that all DNS queries not related to the DNS domain specifically associated with another interface are routed to the default route interface. Local domain name lookups work fine, since my local domain is listed on the non-tunnel interface as the DNS domain. Is there some way of replicating that behaviour for reverse DNS lookups? That is, I want both DNS lookups on local domain names, and reverse DNS lookups on local IPs, to be directed to the local DNS server, rather than going down the tunnel.

Thanks!

Possibly is, thanks for the reference. Of course, the routing-only domain setting under update-systemd-resolved is different to that example, but it seems the underlying behaviour is equivalent.

The thread you referenced does suggest a workaround for me, by specifying the reverse DNS domains associated with the local search domain in a .network config. Clunky, but should address the issue.

If it's the case that this is a behaviour of systemd itself, then I guess it is independent of the update-systemd-resolved script and so I will close this issue.

PS - ended up adding the reverse DNS domains to my netplan config, rather than .network, as a config created for the latter appears to be either/or with DHCP (i.e. you can't just add domains to those served by DHCP).
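The workaround above relies on listing the reverse zones (in-addr.arpa / ip6.arpa) for the local subnets as routing-only domains on the LAN interface. As an added example that is not part of update-systemd-resolved or this thread, the script below derives those zones from a list of local CIDRs, splitting prefixes that are not octet- or nibble-aligned into the delegation-sized zones they contain, and emits a Domains= value; the subnets and the interface name are constructed sample values.

```python
"""Derive routing-only reverse-DNS zones for a systemd-resolved Domains= line.

Constructed example: given the local subnets, emit the `~<zone>.in-addr.arpa`
and `~<zone>.ip6.arpa` entries that make PTR queries for those ranges go to
the local resolver instead of a tunnel that owns the catch-all `~.` route.
"""
import ipaddress
from typing import List


def reverse_zones(cidr: str) -> List[str]:
    """Return the minimal set of reverse zones covering `cidr`.

    in-addr.arpa delegates per octet (8 bits) and ip6.arpa per nibble
    (4 bits), so a prefix that is not aligned to that unit is split into
    the aligned subnets it contains, one zone each
    (e.g. 192.168.0.0/22 -> four /24 zones).
    """
    net = ipaddress.ip_network(cidr, strict=False)  # tolerate host bits set
    unit = 8 if net.version == 4 else 4
    aligned = -(-net.prefixlen // unit) * unit  # round up to next boundary
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        if net.version == 4:
            labels = str(sub.network_address).split(".")[: aligned // 8]
            suffix = "in-addr.arpa"
        else:
            nibbles = sub.network_address.exploded.replace(":", "")
            labels = list(nibbles[: aligned // 4])
            suffix = "ip6.arpa"
        zones.append(".".join(reversed(labels) if labels else []) + ("." if labels else "") + suffix)
    return zones


def routing_only_domains(cidrs: List[str]) -> str:
    """Build a Domains= value with every zone marked routing-only (~ prefix)."""
    zones = []
    for cidr in cidrs:
        zones.extend(reverse_zones(cidr))
    return " ".join("~" + z for z in zones)


if __name__ == "__main__":
    # Constructed sample: a home LAN /24, the whole RFC 1918 10/8, and a ULA /48.
    lan = ["192.168.1.0/24", "10.0.0.0/8", "fd12:3456:789a::/48"]
    print("[Match]\nName=eth0\n\n[Network]\nDHCP=yes")
    print("Domains=" + routing_only_domains(lan))
```

Each emitted zone is routing-only, so it only steers PTR lookups for those ranges to the LAN DNS server and does not change the search list.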

you can't just add domains to those served by DHCP

You might be hitting systemd/systemd#8174

Nah, that looks different. Thanks anyway.