default DNS caching name server on Fedora ?

Paul Wouters pwouters at redhat.com
Wed Jun 20 20:27:52 UTC 2012


On Wed, 20 Jun 2012, Kevin Fenzi wrote:

> Connect your vpn, etc.
>
> Then tell unbound what you want it to do:
>
> unbound-control forward_add redhat.com x.x.x.x y.y.y.y
> unbound-control forward_add yourdomain z.z.z.z
>
> (unbound-control gives you a lot of control, you can flush cache, set up
> forward, see its man page or help for all the options).
>
> I'm not sure how hard/possible it is for dnssec-trigger to get this
> info from the vpn/NM and just set it for you.

You need to do a little more, see /usr/lib/ipsec/_updown.netkey which
is where openswan handles this:

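updateresolvconf() {
     if [ -n "$PLUTO_CISCO_DNS_INFO" ]; then
         # Only touch unbound if it is running and the VPN supplied a domain
         if [ -n "`pidof unbound`" -a -n "$PLUTO_CISCO_DOMAIN_INFO"  ]; then
             echo "updating local nameserver for $PLUTO_CISCO_DOMAIN_INFO with $PLUTO_CISCO_DNS_INFO"
             # $PLUTO_CISCO_DNS_INFO is unquoted so that a list of servers
             # splits into separate arguments
             /usr/sbin/unbound-control forward_add $PLUTO_CISCO_DOMAIN_INFO $PLUTO_CISCO_DNS_INFO
             /usr/sbin/unbound-control flush_zone $PLUTO_CISCO_DOMAIN_INFO
             return
         fi
     fi
     # (rest of the function is not shown in this excerpt)
}

restoreresolvconf() {
     if [ -n "$PLUTO_CISCO_DNS_INFO" ]; then
         if [ -n "`pidof unbound`" ]; then
             echo "flushing local nameserver of $PLUTO_CISCO_DOMAIN_INFO"
             # Drop the forward, then flush answers cached from the VPN resolvers
             /usr/sbin/unbound-control forward_remove $PLUTO_CISCO_DOMAIN_INFO
             /usr/sbin/unbound-control flush_zone $PLUTO_CISCO_DOMAIN_INFO
         fi
         return
     fi
     # (rest of the function is not shown in this excerpt)
}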


The flush_zone is needed so you can access the domain again using the
public view DNS.

Paul
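
A variant of the hook above that validates its inputs first, as an added example that is not part of the original message or of openswan. It assumes the domain and nameserver values are supplied by the remote VPN gateway and checks them against a local allowlist before calling unbound-control; UNBOUND_CONTROL, VPN_ALLOWED_DOMAINS and the four function names are hypothetical.

```shell
#!/bin/sh
# Added example, not openswan's code. Assumed names: UNBOUND_CONTROL,
# VPN_ALLOWED_DOMAINS, domain_allowed, ns_list_ok, vpn_dns_up, vpn_dns_down.
UNBOUND_CONTROL=${UNBOUND_CONTROL:-/usr/sbin/unbound-control}
# Local policy (assumption): zones this VPN may answer for, space-separated.
VPN_ALLOWED_DOMAINS=${VPN_ALLOWED_DOMAINS:-redhat.com}

# True if $1 is an allowed zone or a subdomain of one. Rejects "." and "",
# so the gateway cannot redirect the root or an unrelated zone.
domain_allowed() {
    d=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    d=${d%.}
    case $d in ''|-*|*[!a-z0-9.-]*) return 1 ;; esac
    for a in $VPN_ALLOWED_DOMAINS; do
        case $d in "$a"|*."$a") return 0 ;; esac
    done
    return 1
}

# True if $1 is a non-empty list made only of IP-literal characters, so no
# option, path or glob reaches the unquoted expansion below.
ns_list_ok() {
    case $1 in *[!0-9a-fA-F.:\ ]*) return 1 ;; esac
    set -- $1
    [ $# -gt 0 ]
}

# VPN up: forward the zone to the VPN resolvers, then flush cached answers.
vpn_dns_up() {
    domain_allowed "$1" || { echo "refusing forward for '$1'" >&2; return 1; }
    ns_list_ok "$2" || { echo "bad nameserver list '$2'" >&2; return 1; }
    $UNBOUND_CONTROL forward_add "$1" $2 &&
        $UNBOUND_CONTROL flush_zone "$1"
}

# VPN down: remove the forward, then flush so the public view is used again.
vpn_dns_down() {
    domain_allowed "$1" || return 1
    $UNBOUND_CONTROL forward_remove "$1" &&
        $UNBOUND_CONTROL flush_zone "$1"
}
```

Setting UNBOUND_CONTROL=echo prints the commands instead of running them, which is a quick way to check the policy before wiring the functions into an updown script.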

