default DNS caching name server on Fedora?

Paul Wouters pwouters at redhat.com
Wed Jun 20 20:24:16 UTC 2012


On Wed, 20 Jun 2012, Simo Sorce wrote:

> There are at least 2 situations where it is needed, and they are common
> or will be common enough.
>
> The 2 use cases for which a properly configurable and dynamically
> changeable caching DNS name server would be really useful are:
> - DNSSEC verification
> - Clients using VPNs into private networks.

This already works out of the box using unbound, dnssec-trigger and
openswan. I use it every day to connect to the Red Hat VPN, even
if I'm at a hotspot place.

> A good name caching server would forward all .redhat.com DNS requests to
> the DNS addresses provided by the VPN connection, all my .home addresses
> to my local DNS server (provided by dhcp) and perhaps all other
> addresses to a configurable 'default DNS server'.

openswan does this based on the XAUTH information received. It receives
the domain (redhat.com) and the name server IPs, and reconfigures
unbound on the fly to forward those. When the tunnel is brought down,
the DNS records are flushed so the external view becomes visible again.

Please give it a shot, or ping me if you want to check your
configuration. But it should be out of the box (apart from the openswan
ipsec.conf)

Paul
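
The forward-on-connect, flush-on-disconnect behaviour described in the message above, as an added sketch that is not part of the original post and is not openswan's own updown script. It assumes unbound's remote control is enabled; the function names, the `UNBOUND_CONTROL` dry-run override, and the validation of the peer-supplied domain and name servers are assumptions of this example.

```shell
#!/bin/sh
# UNBOUND_CONTROL is a hypothetical override so the commands can be dry-run
# (UNBOUND_CONTROL=echo); by default the real unbound-control CLI is called.
UNBOUND_CONTROL="${UNBOUND_CONTROL:-unbound-control}"

# The VPN peer supplies the domain. Accept only a multi-label name, so a
# pushed "." or bare TLD cannot redirect more than the private zone.
valid_domain() {
    case "$1" in
        ""|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dotted-quad IPv4 only (IPv6 is left out of this sketch). The body is a
# subshell, so the IFS change does not leak to the caller.
valid_ipv4() (
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) exit 1 ;;
        *.*.*.*) ;;
        *) exit 1 ;;
    esac
    IFS=.; set -- $1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Tunnel up: vpn_dns_up DOMAIN NS_IP...
# Forward the domain to the VPN resolvers, then drop cached answers for it
# so names looked up before the tunnel existed re-resolve through the VPN.
vpn_dns_up() {
    domain="${1%.}"; [ "$#" -gt 0 ] && shift
    valid_domain "$domain" || { echo "refusing domain '$domain'" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "no name servers given" >&2; return 1; }
    for ns in "$@"; do
        valid_ipv4 "$ns" || { echo "refusing name server '$ns'" >&2; return 1; }
    done
    "$UNBOUND_CONTROL" forward_add "$domain" "$@" &&
    "$UNBOUND_CONTROL" flush_zone "$domain" &&
    "$UNBOUND_CONTROL" flush_requestlist
}

# Tunnel down: vpn_dns_down DOMAIN
# Remove the forward and flush, so the external view becomes visible again.
vpn_dns_down() {
    domain="${1%.}"
    valid_domain "$domain" || { echo "refusing domain '$domain'" >&2; return 1; }
    "$UNBOUND_CONTROL" forward_remove "$domain" &&
    "$UNBOUND_CONTROL" flush_zone "$domain" &&
    "$UNBOUND_CONTROL" flush_requestlist
}
```

Running `unbound-control list_forwards` before and after shows whether the forward for the VPN domain was added and removed.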

