On Tuesday, September 29, 2020 5:13:48 AM MST Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Sep 28, 2020 at 11:41:12PM -0700, John M. Harris Jr wrote:
> > On Monday, September 28, 2020 9:39:17 AM MST Michael Catanzaro wrote:
> > > You can do this, but again, you need to use the command line. E.g. 'resolvectl dns tun0 8.8.8.8'
> > >
> > > We're actually no longer debating how systemd-resolved works; rather, we're now debating how NetworkManager chooses to configure systemd-resolved. systemd-resolved just does what it's told to do. It's actually NetworkManager that decides to split DNS according to routing by default as a matter of policy. It could do otherwise if it wanted to, but I think this is a good default. Nothing stops you from changing it though. :)
> >
> > Michael, by what mechanism does NetworkManager "split DNS according to routing"? If it hasn't already made a request from both your cleartext and your VPN connection's DNS servers, it has no way of knowing what network should be used to get the right results. Routing and DNS are unrelated.
>
> NetworkManager pushes DNS server configuration (and associated bits like domain search and routing domains) over dbus to resolved. That way it "[tells resolved how to] split DNS according to routing". Of course, after the name has been resolved to an IP address, the packets to that IP address are routed too. So there is "routing" in the sense of deciding which interface is appropriate for a given DNS name and "routing" in the sense of deciding which interface is appropriate for a given IP address.

It seems that the terminology is fairly confusing, considering it's right alongside actual routing configuration. Okay, so "routing" means something wildly different than you'd think with systemd-resolved, got it.

In most cases, in order to get to a DNS server inside a VPN, your packets have to have a route which can reach the IP of that server for that interface, which is configured using NetworkManager (or a VPN config file, imported into NM). Anyone who understands basic networking will likely be confused by this terminology.

That aside, where in NetworkManager do these "routing domains" get specified?
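The practical question behind this thread is which link actually receives a given query once NetworkManager has pushed per-link servers and routing domains to resolved. The script below is an added example, not code from the thread or from either project: it parses text laid out the way `resolvectl status` prints per-link "DNS Servers" and "DNS Domain" entries (the input is constructed, not captured from a real host) and reports which links carry the catch-all routing domain `~.`, i.e. the links that will be sent every name not matched by a more specific domain.

```shell
#!/bin/sh
# Added example (not from the thread). Summarise per-link DNS settings from
# resolvectl-status-style text and name the links holding the "~." routing
# domain. SAMPLE_STATUS is constructed: a Wi-Fi link and a VPN link that both
# claim "~.", so unqualified queries may go to either resolver.
SAMPLE_STATUS='Link 2 (wlp3s0)
      Current Scopes: DNS
DefaultRoute setting: yes
         DNS Servers: 192.0.2.53
          DNS Domain: ~.

Link 3 (tun0)
      Current Scopes: DNS
DefaultRoute setting: yes
         DNS Servers: 198.51.100.53
          DNS Domain: corp.example ~.'

# Print one line per link: "<link> <servers,comma-separated> <domains,comma-separated>".
# Links without a servers or domain line get "-" in that column.
summarize_links() {
    printf '%s\n' "$1" | awk '
        /^Link [0-9]+ \(/ {
            if (link != "") print link, servers, domains
            link = $3; gsub(/[()]/, "", link); servers = "-"; domains = "-"; next
        }
        /DNS Servers:/ { sub(/.*DNS Servers: */, ""); servers = $0; gsub(/ /, ",", servers); next }
        /DNS Domain:/  { sub(/.*DNS Domain: */, "");  domains = $0; gsub(/ /, ",", domains); next }
        END { if (link != "") print link, servers, domains }'
}

# Print the name of every link whose domain list contains the catch-all "~.".
# More than one such link means resolved will spread unqualified queries
# across several resolvers, which is what a split-DNS setup usually tries to avoid.
catch_all_links() {
    summarize_links "$1" | awk '{
        n = split($3, d, ",")
        for (i = 1; i <= n; i++) if (d[i] == "~.") { print $1; break }
    }'
}

summarize_links "$SAMPLE_STATUS"
catch_all_links "$SAMPLE_STATUS"
```

On a real host, replace `SAMPLE_STATUS` with the output of `resolvectl status`; the domains shown per link are the ones NetworkManager handed to resolved for that connection.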