On Thu, Jan 23, 2020 at 10:16:14AM +0000, Samuel Harmer wrote:
> Dear List,
>
> Thoroughly enjoying NetworkManager (NM)! Just one thing I could not find an obvious method to achieve so thought I would double-check.
>
> I am trying to work out how to define (in NM settings) an interface should be used for unqualified lookups. Specifically *unqualified*, I can't make use of search->fully-qualified as there are private web servers that expect the browser to be requesting an unqualified hostname. I can't alter this bizarre (imo) design choice.
>
> With pure dnsmasq I can use `[--]server=//192.168.n.n` and `[--]server=/local/192.168.n.n` to specify a DNS server to send both unqualified and private domain lookups to. With NM I can specify `nmcli [...] set ipv4.dns-search ~local` to have private zones looked up via NM's dnsmasq (assuming `dns=dnsmasq`), but I can't see a way to direct (all) unqualified lookups to the interface (or rather the DNS server(s) provided by the DHCP server on the interface).
>
> The interface is not used as a default gateway, but I am guessing I could fiddle around with adding back in `~.` and (misusing) ipv4.dns-priority so all unqualified names go to a private DNS server(s) first, but this feels like a cludge and would (I guess) still result in the unqualified names being forwarded on to public DNS servers should one not exist in the private DNS servers.
>
> A less-cludgy inelegant alternative would be to `echo "server-file=/etc/NetworkManager/unqualified.servers" > /etc/NetworkManager/dnsmasq.d/unqualified`, then use a dispatcher to populate unqualified.servers, followed by SIGHUP NetworkManager's dnsmasq instance.
>
> Neither option feels right. Is this a missing feature or have I missed something?
Hi,

unlike dnsmasq, NM doesn't have a way to specify that unqualified domains should be handled differently. Usually, in such cases a search domain is used, which gets appended by the resolver to the unqualified name and then it is also used as a routing domain to direct the query to a specific interface.

Does your private resolver also reply to queries for qualified names with a specific local domain? If so, you can add 'mydomain' to 'ipv4.dns-search', and then if you type 'webserver' in the browser the resolver will query 'webserver.mydomain' through that interface.

If that doesn't work for you, the only workarounds I can think of are the ones you already described.

Beniamino
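Added example, not part of either message and not NetworkManager's own code: a sketch of the dispatcher workaround described in the thread, which writes one `server=//ADDR` line per DNS server NM reports for the private interface and then sends SIGHUP to dnsmasq. It assumes the file is loaded through dnsmasq's `servers-file` option (which is re-read on SIGHUP), that the private interface is named `eth1`, and that NM's dnsmasq pid file is `/run/NetworkManager/dnsmasq.pid`; only IPv4 servers from `IP4_NAMESERVERS` are handled.

```sh
#!/bin/sh
# Added example (not from the thread): NetworkManager dispatcher script.
# Assumptions: interface name and pid file location; servers file path is the post's.
PRIVATE_IFACE="${PRIVATE_IFACE:-eth1}"
SERVERS_FILE="${SERVERS_FILE:-/etc/NetworkManager/unqualified.servers}"
PID_FILE="${PID_FILE:-/run/NetworkManager/dnsmasq.pid}"

# Succeed only for a dotted-quad IPv4 address with octets 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one "server=//ADDR" line per valid address. The empty domain makes
# dnsmasq use that server for unqualified names only. Values that are not
# plain IPv4 addresses are dropped so they cannot add directives to the file.
render_unqualified_servers() {
    for addr in "$@"; do
        if is_ipv4 "$addr"; then printf 'server=//%s\n' "$addr"; fi
    done
}

# Replace the servers file atomically, then SIGHUP dnsmasq to re-read it.
update_servers_file() {
    tmp="$SERVERS_FILE.tmp.$$"
    render_unqualified_servers "$@" > "$tmp" && mv "$tmp" "$SERVERS_FILE"
    if [ -r "$PID_FILE" ]; then
        kill -HUP "$(cat "$PID_FILE")" 2>/dev/null || true
    fi
}

# Dispatcher entry point: $1 is the interface, $2 the action.
main() {
    [ "${1:-}" = "$PRIVATE_IFACE" ] || return 0
    case "${2:-}" in
        up|dhcp4-change) update_servers_file ${IP4_NAMESERVERS:-} ;;
        down)            update_servers_file ;;  # writes an empty file
    esac
}
main "$@"
```

Because no `server=` line for `.` is written, this file by itself adds no fallback route to other servers for names without a dot, which is the leak to public DNS the original post was concerned about.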