I have a setup where a machine has 2 network interfaces:
host fqdn: foo.company.com - public address
vio0 - autoconf'd from internet provider, public IP
wg0 - intranet with its own DNS domain intra.company.com and the 10.0.0.0/8 network
WireGuard is configured in star topology, with the 10.0.0.1 server providing org-wide
DNS, router, printing, etc.
---- unwind.conf: ----------------------------------------------
forwarder {
1.1.1.1 port 853 authentication name cloudflare-dns.com DoT
1.0.0.1 port 853 authentication name cloudflare-dns.com DoT
}
force accept bogus autoconf {
intra.company.com
}
preference { autoconf forwarder }
----------------------------------------------------------------
wg0 has DNS resolver added using route, as instructed in man resolvd(8)
---- /etc/hostname.wg0: ----------
inet ...
wgkey ...
... snip wg vpn config here ...
!route nameserver wg0 10.0.0.1
----------------------------------
I can definitely observe the commented-out 10.0.0.1 resolver in /etc/resolv.conf,
as expected when unwind and resolvd are running.
However, when I try to resolve anything with unwind, it fails:
# host foo.intra.company.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:
Host foo.intra.company.com not found: 3(NXDOMAIN)
Resolver on the other side of wg0 is working:
# host foo.intra.company.com 10.0.0.1
Using domain server:
Name: 172.16.0.1
Address: 10.0.0.1#53
Aliases:
foo.intra.company.com has address 10.0.0.xx
When checking autoconf status, I see that unwind is not picking
up the resolver from wg0:
# unwindctl status autoconf
autoconfiguration forwarders:
DHCP[vio0]: aa.bb.cc.dd ee.ff.gg.hh
I'm out of ideas here. How can I convince unwind to use the resolver
from wg0?
Cheers,
Chris
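A small diagnostic cross-check, added here and not part of Chris's post or of the unwind/resolvd code, that compares the resolvers declared with `!route nameserver` lines in hostname.if files against the forwarders `unwindctl status autoconf` reports per interface. The sample status output is the one quoted above; the hostname.if contents are constructed, with the wg0 address and key as placeholders, and the source label before the bracket is not interpreted.

```python
import re

# Constructed sample of `unwindctl status autoconf` output, copied from the post above.
UNWINDCTL_STATUS = """autoconfiguration forwarders:
DHCP[vio0]: aa.bb.cc.dd ee.ff.gg.hh
"""

# Constructed hostname.if contents keyed by interface; inet address and key are placeholders.
HOSTNAME_IF = {
    "vio0": "autoconf\n",
    "wg0": "inet 10.0.0.2 255.0.0.0\nwgkey PLACEHOLDER_KEY\n!route nameserver wg0 10.0.0.1\n",
}

# "<SOURCE>[<iface>]: addr addr ..." as printed by unwindctl; the source label is ignored.
STATUS_RE = re.compile(r"^\s*(\w+)\[([\w.]+)\]:\s*(.*)$")
# "!route nameserver <iface> addr ..." as documented in resolvd(8).
ROUTE_RE = re.compile(r"^\s*!route\s+nameserver\s+(\S+)\s+(.+)$")


def parse_unwind_autoconf(text):
    """Map interface -> set of forwarder addresses unwind reports for it."""
    learned = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            learned.setdefault(m.group(2), set()).update(m.group(3).split())
    return learned


def parse_route_nameservers(hostname_ifs):
    """Map interface -> set of addresses declared via `!route nameserver` lines.

    The interface is taken from the route command itself, not from the file name,
    because that is the interface the proposal is attached to."""
    declared = {}
    for text in hostname_ifs.values():
        for line in text.splitlines():
            m = ROUTE_RE.match(line)
            if m:
                declared.setdefault(m.group(1), set()).update(m.group(2).split())
    return declared


def missing_forwarders(status_text, hostname_ifs):
    """Return {iface: addresses} declared for an interface but absent from unwind's view."""
    learned = parse_unwind_autoconf(status_text)
    return {iface: addrs - learned.get(iface, set())
            for iface, addrs in parse_route_nameservers(hostname_ifs).items()
            if addrs - learned.get(iface, set())}


if __name__ == "__main__":
    for iface, addrs in missing_forwarders(UNWINDCTL_STATUS, HOSTNAME_IF).items():
        print(f"{iface}: unwind has not learned {' '.join(sorted(addrs))}")
```

On the post's data it reports wg0 with 10.0.0.1 missing, which is exactly the gap the question describes; on a live system, feed it the real command output and file contents.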