Feature request: LAN DNS for specific domain

Suggestions/comments/criticisms are welcome here

Arkku

Posts: 2
Joined: Mon Jul 24, 2017 9:04 pm

Post by Arkku » Mon Jul 24, 2017 9:10 pm
Hi,

I would like to request a kind of "reverse split DNS" option, i.e., allow the user to specify a DNS and a domain that does _not_ use VPN, and have everything else go through the VPN. Use case would be a LAN with a local domain and DNS, together with a general privacy VPN. Using VPN DNS in such a configuration makes the LAN DNS unavailable, and the current split DNS option defaults to the LAN DNS, causing DNS leaks.

The UI for this feature could be just another menu option, such as "LAN DNS", and the existing fields for domain and DNS would just have something like "mylocaldomain" + "192.168.0.1".

-K

James

Posts: 1923
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Aug 01, 2017 12:15 pm
Hi Arkku,

Thanks for the feedback - we'll take it on board.

As a tip for the meantime, if you're a Mac user you should be able to pull this off by setting Viscosity's DNS for your connection to Full Mode, and then creating DNS resolver files in /etc/resolver/ for the domain/s to override to your local DNS servers. I'm afraid documentation for it seems a little sparse; however, the following links should help:
https://developer.apple.com/legacy/libr ... ver.5.html
http://hints.macworld.com/article.php?s ... 2902195410

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

bribri

Posts: 13
Joined: Fri Jan 11, 2019 6:57 am

Post by bribri » Mon Nov 04, 2019 7:49 am
Hi, I'm bumping this old thread because I'm trying to set up the same thing, but I can't get it to work with the previous instructions.

I've set my VPN's DNS mode to "Full DNS" and then created files in /etc/resolver for the domains I want to use my local DNS server for as per the linked instructions. However when I resolve the name it still uses the VPN's DNS server.

Is there anything else I can try?

James

Posts: 1923
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Nov 04, 2019 10:00 am
Hi bribri,

You can find an example for creating a resolver file in the correct format in Step 3 in the following forum post (you can ignore Step 1). Replace "myhome" with the correct domain to use (e.g. "sparklabs.com"), and "192.168.0.1" with the IP address of your local DNS server.
https://www.sparklabs.com/forum/viewtopic.php?f=3&t=2744#p8315

When testing your setup also ensure that you're not using nslookup, dig, or host. Instead use tools like ping or dscacheutil. Please see the following for more information on why this is (as well as how to use dscacheutil for lookups):
http://www.sparklabs.com/support/kb/article/configuring-dns-and-wins-settings/#notes-for-linux-unix-users

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

bribri

Posts: 13
Joined: Fri Jan 11, 2019 6:57 am

Post by bribri » Mon Nov 04, 2019 1:52 pm
James wrote (Mon Nov 04, 2019 10:00 am):
> When testing your setup also ensure that you're not using nslookup, dig, or host.
That was my problem! It was actually working as intended, but I was using dig and it was leading me to think that it wasn't. Thanks for the tip.

bribri

Posts: 13
Joined: Fri Jan 11, 2019 6:57 am

Post by bribri » Thu Nov 07, 2019 7:02 am
I have a new issue concerning this:

I have a hostname that I always want to be resolved using the system's local DNS server and not over my VPN connection. However the system in question is a laptop and might be connected to any number of local networks. Consequently I can't specify the local DNS server by IP address in "/etc/resolver/hostname.domain" as it's not guaranteed to be the same IP address on each network.

Is there any way to get it to work in this situation?

James

Posts: 1923
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Nov 08, 2019 3:08 pm
Hi bribri,

You could either have a script automatically update the DNS server to use whenever there is a network change, or use a static DNS server that's always available (such as Cloudflare's 1.1.1.1, or Google's 8.8.8.8).

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

bribri

Posts: 13
Joined: Fri Jan 11, 2019 6:57 am

Post by bribri » Fri Nov 08, 2019 3:20 pm
Thanks James. Would you be willing to say a little more about how to write such a script? I'm curious both what would execute the script (e.g., would it be a launchd job?) and how to change the DNS server (e.g. should the script just edit the /etc/resolver/hostname.domain file)?

James

Posts: 1923
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Nov 11, 2019 6:12 am
I'm afraid that's going outside of something we can directly support.

My recommendation for a starting point would be to write a shell script that looks at the local DNS server and then overwrites the /etc/resolver/hostname.domain file with the updated version. Then you could either invoke this script using AppleScript whenever your VPN connection connects (and optionally delete the hostname.domain file when disconnected), or use a third-party tool to invoke your script whenever there is a network change (e.g. using ControlPlane, Sidekick, etc.).

https://www.sparklabs.com/support/kb/article/running-applescripts-when-connected-disconnected/

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
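As an added example (not from this thread and not Viscosity's code), here is one way to build the script James sketches, also using the resolver file format from his earlier post: it reads the DNS server the LAN interface received over DHCP and rewrites /etc/resolver/hostname.domain, so that one name keeps resolving via the LAN as the laptop moves between networks. It assumes macOS, a LAN interface of en0, the thread's "hostname.domain" name, root privileges, and that it is invoked with "connected" or "disconnected" from the connection's AppleScript hooks; the DHCP-supplied value is validated before it is written, since an untrusted network could otherwise hand arbitrary text to a root-owned system file.

```shell
#!/bin/sh
# Added example (not from the thread or Viscosity): keep /etc/resolver/<name>
# pointed at the DNS server the LAN interface got from DHCP, so that one name
# keeps resolving via the LAN even as the laptop changes networks.
# Assumes macOS, LAN interface en0, the thread's "hostname.domain", and root.
set -eu

LAN_IFACE="${LAN_IFACE:-en0}"
RESOLVER_NAME="${RESOLVER_NAME:-hostname.domain}"
RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"

# Accept only a plain dotted-quad IPv4 address: the value comes from whatever
# network the laptop joined and lands in a root-owned system file.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# First DNS server in the DHCP lease on the LAN interface (macOS /usr/sbin/ipconfig,
# unrelated to the Linux/Windows tools of that name).
lan_dns_server() {
    ipconfig getoption "$LAN_IFACE" domain_name_server 2>/dev/null | head -n 1
}

# resolver(5) file body: the file name is the domain, the body names the server.
resolver_file_body() {
    is_ipv4 "$1" || return 1
    printf 'nameserver %s\n' "$1"
}

# Write a temp file in the same directory and rename it, so the resolver never
# reads a half-written file.
install_resolver() {
    body=$(resolver_file_body "$1") || return 1
    mkdir -p "$RESOLVER_DIR"
    tmp="$RESOLVER_DIR/.$RESOLVER_NAME.tmp"
    printf '%s\n' "$body" > "$tmp"
    chmod 644 "$tmp"
    mv "$tmp" "$RESOLVER_DIR/$RESOLVER_NAME"
}
# Hook points: "connected" installs the file, "disconnected" removes it again.
case "${1:-}" in
    connected)    install_resolver "$(lan_dns_server)" ;;
    disconnected) rm -f "$RESOLVER_DIR/$RESOLVER_NAME" ;;
esac
```

After a connect, check the result with dscacheutil -q host -a name hostname.domain rather than dig, for the reason James gives above.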