On 11/06/2016 07:30 PM, Paul Swanson wrote:
I don't know if it's the "best" way, but for trusted DNS I put this script in /etc/NetworkManager/dispatcher.d/50-dnsmasq and run the dnsmasq service. I configure a trusted nameserver in dnsmasq.conf. The NM nameservers are saved as /etc/resolv.conf.dhcp, and dnsmasq can read those as additional nameservers if you like. (Sounds like you don't like from your situation.) You could omit the checks that dnsmasq is actually working, if you don't want fallback to the DHCP nameservers.

I use cjdns for VPN, and if you configure a cjdns tunnel server to provide a default route, cjdns will route everything except the IPs it needs for the VPN peers. Any cjdns-enabled nodes on the local LAN will automatically provide connectivity to the cjdns VPN - but a cjdns tunnel server somewhere is still needed for access to the ICANN internet. cjdns peers use random UDP ports. But some places block all UDP.

#!/bin/bash

# NetworkManager passes the interface as $1 and the event as $2
event="$2"
NS="fcff:aa44:3300:2244:55dd:48:822:98dd" # need a "documentation" cjdns IP

# succeed if the given IPv6 address answers one ping within 5 seconds
pingcheck() {
  ping6 -n -c 1 -w 5 "$1" >/dev/null 2>&1
}

exec 2>/tmp/dnsmasq.log

case "$event" in
up)
  # try the trusted nameserver twice; keep the DHCP resolv.conf if unreachable
  pingcheck "$NS" || pingcheck "$NS" || exit
  # replace example.bit with some domain that you want to check resolves
  host -T example.bit 127.0.0.1 >/dev/null || exit
  if diff /etc/resolv.conf /etc/resolv.conf.dnsmasq >/dev/null; then
    :
  else
    # save the NM-provided nameservers, then point the system at dnsmasq
    cp /etc/resolv.conf /etc/resolv.conf.dhcp
    cp /etc/resolv.conf.dnsmasq /etc/resolv.conf
  fi
  ;;
esac

-----------------%<---------------------%<------------------%<----------------------
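
A check that could be run after the dispatcher script, added here as an example and not part of the original message: it lists any nameserver in a resolv.conf-style file that is not loopback, since such a resolver would be queried directly instead of through the local dnsmasq. The function names and the sample addresses (documentation ranges) are made up for illustration, and it assumes that any loopback address means the local dnsmasq.

```bash
#!/bin/bash
# Added example (not from the original message).

# Print each non-loopback nameserver found in file $1, one per line.
untrusted_nameservers() {
  local file="$1" keyword addr _rest
  # "|| [ -n ... ]" also picks up a last line that lacks a trailing newline
  while read -r keyword addr _rest || [ -n "$keyword" ]; do
    [ "$keyword" = "nameserver" ] && [ -n "$addr" ] || continue
    case "$addr" in
      127.*|::1) ;;                    # loopback: assumed to be dnsmasq
      *) printf '%s\n' "$addr" ;;      # anything else bypasses dnsmasq
    esac
  done < "$file"
}

# Status 0 when every nameserver in file $1 is loopback, 1 otherwise.
resolv_is_trusted() {
  [ -z "$(untrusted_nameservers "$1")" ]
}

# Print a one-line verdict for file $1; status mirrors resolv_is_trusted.
report() {
  if resolv_is_trusted "$1"; then
    echo "$1: OK, loopback nameservers only"
  else
    echo "$1: bypasses dnsmasq via: $(untrusted_nameservers "$1" | tr '\n' ' ')"
    return 1
  fi
}

# Constructed sample: a resolv.conf as DHCP might leave it, with a loopback
# entry mixed in. Addresses are documentation ranges, not real resolvers.
sample_dhcp_resolv() {
  printf '%s\n' '# Generated by NetworkManager' 'search lan' \
    'nameserver 192.0.2.53' 'nameserver 2001:db8::53' 'nameserver 127.0.0.1'
}
```

Running `report /etc/resolv.conf` on a schedule, or at the end of the dispatcher script, shows when the DHCP-provided nameservers are back in use.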