Wednesday, December 20, 2023

unwind not picking up autoconf resolver from wg0

I have a setup where a machine has 2 network interfaces:

host fqdn: foo.company.com - public address
vio0 - autoconf'd from internet provider, public IP
wg0 - intranet with its own DNS intra.company.com dns domain and 10.0.0.0/8 network

Wireguard is configured in star topology, with 10.0.0.1 server providing org-wide
DNS, router, printing, etc.

---- unwind.conf: ----------------------------------------------
forwarder {
1.1.1.1 port 853 authentication name cloudflare-dns.com DoT
1.0.0.1 port 853 authentication name cloudflare-dns.com DoT
}

force accept bogus autoconf {
intra.company.com
}

preference { autoconf forwarder }
----------------------------------------------------------------

wg0 has DNS resolver added using route, as instructed in man resolvd(8)

---- /etc/hostname.wg0: ----------
inet ...
wgkey ...
... snip wg vpn config here ...
!route nameserver wg0 10.0.0.1
----------------------------------

I can definitely observe the commented-out 10.0.0.1 resolver in /etc/resolv.conf,
as expected when unwind and resolvd are running.

However, when I try to resolve anything with unwind, it fails:

# host foo.intra.company.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

Host foo.intra.company.com not found: 3(NXDOMAIN)

Resolver on the other side of wg0 is working:

# host foo.intra.company.com 10.0.0.1
Using domain server:
Name: 172.16.0.1
Address: 10.0.0.1#53
Aliases:

foo.intra.company.com has address 10.0.0.xx

When checking autoconf status, I see that unwind is not picking
up resolver from wg0:

# unwindctl status autoconf
autoconfiguration forwarders:
DHCP[vio0]: aa.bb.cc.dd ee.ff.gg.hh

I'm out of ideas here. How can I convince unwind to use the resolver
from wg0?

Cheers,
Chris
