Tag: dns

Systemd-resolved DNS configuration for VPN

Posted on by Bian Xi Leave a Comment on Systemd-resolved DNS configuration for VPN

Systemd-resolved DNS configuration for VPN

VPN GUI

When using ubuntu GUI VPN connection, the DNS might not be updated correctly. Following command can be used to update search domain and DNS server.

sudo systemd-resolve --interface tun0 --set-dns <dns_server> --set-domain <domain>

Note: The latest test in VPN GUI, the DNS setting is working as expected.

VPN CLI

For openvpn command line,

openvpn --config client.ovpn --script-security 2 --up ./manual-config

The manual-config script can be as follow

#!/bin/sh
set -e
resolvectl dns $dev 192.0.2.53 192.0.2.54
resolvectl domain $dev "~foo.example.com" "~bar.example.com"
resolvectl dnssec $dev off

or

#!/bin/sh
systemd-resolve -i $dev \
  --set-dns=192.0.2.53 --set-dns=192.0.2.54 \
  --set-domain=foo.example.com --set-domain=bar.example.com \
  --set-dnssec=off  # <- Not super nice, but might be needed.

Another method is to use /etc/openvpn/update-systemd-resolved script, which is in openvpn-systemd-resolved package,

openvpn \
  --config client.ovpn \
  --up /etc/openvpn/update-systemd-resolved \
  --down /etc/openvpn/update-systemd-resolved \
  --down-pre \

NetworkManager Integration

To allow DNS and other options applied to new interface, a dispatcher file can be created, for example, /etc/NetworkManager/dispatcher.d/10-openvpn-tun0-up. The content can be as follows

#!/usr/bin/env bash

interface=$1
event=$2

if [[ $interface != "tun0" ]] || [[ $event != "up" ]]
then
  return 0
fi

# place your commands bellow this line

resolvectl dns tun0 192.168.1.1 192.168.1.2
resolvectl domain tun0 "~new.com"

References

Systemd-resolved DNS configuration for VPN
Network Manager script when interface up?

Add Search Domain for DNS in CentOS 8

Posted on by Bian Xi Leave a Comment on Add Search Domain for DNS in CentOS 8

Add Search Domain for DNS in CentOS 8

There is no option in network configuration GUI menu for search domain. Following steps can be used to add search domain.

  • Modify file /etc/sysconfig/network-scripts/ifcfg-<interface_name>
  • Add line SEARCH=<search_domain>
  • Restart NetworkManager by run command systemctl restart NetworkManager

References

How to configure static DNS and Search domain for Redhat / CentOS and Redhat Linux

Ping fails but nslookup works in MacOS

Posted on by Bian Xi Leave a Comment on Ping fails but nslookup works in MacOS

Ping fails but nslookup works

When performing nslookup, the IP can be returned. But when performing ping, return following error

ping: cannot resolve <hostname>: Unknown host

Causes

Second DNS server issue

The second DNS server isn't resolving the IP address.

Another DHCP server issue

Another DHCP server provide different DNS server.

Fix

killall -HUP mDNSResponder

References

DNS lookup fails but nslookup works

Using wildcard DNS record

Posted on by Bian Xi Leave a Comment on Using wildcard DNS record

Using wildcard DNS record

Using wildcard in DNS A or CNAME can reduce maintenance work, but this also has some drawback.

Pros

Updating DNS will take time, not only needs time to edit DNS entries, but also the DNS broadcast time, which can take more than 30 minutes to update an existing entry in other DNS server, and some DNS server can take even longer.

If use widecard, there is no editing requirement.

Cons

Search suffix

If /etc/resolv.conf has entry as below

search example.com

When searching for google.com, It might hit google.com.example.com if wildcard used, because google.com.example.com will return IP address as same as example.com.

Caching

Without editing entry, the some DNS servers might still caching old data. For example, if you have both wildcard *.example.com and a specific entry ftp.example.com, and you decided to remove ftp.example.com, the wildcard might not take effect.

Accessing non-exist domain

If using browser access undefined domain name, and hit the web server, using NGINX can perform redirect to change URL. This can fix the issues which web coding based on current URL.

server {
    listen 80;
    server_name *.mywebsite.tld;
    return 301 $scheme://mywebsite.tld$request_uri;
    }

server {
    listen  80;
    server_name mywebsite.tld;
    [...]
    }

References

Is a wildcard DNS record bad practice?

DNS Configuration Basic

Posted on by Bian Xi Leave a Comment on DNS Configuration Basic

DNS Configuration Basic

Define subdomain using IP address

A record to define a subdomain to IP

A   www 192.168.1.1

Define subdomain using host

CNAME record to define a subdomain to IP

CNAME   www www.example.com

Default host for all subdomains

Following record is to give IP address of www.example.com to all subdomains.

CNAME   *   www.example.com

Default IP for domain

Use @ in A record.

A   @   192.168.1.1

Default EMAIL server

MX  mail.example.com    20

Note: The number is Priority