[systemd-devel] Can not resolve DNS per interface
Mantas Mikulėnas
grawity at gmail.com
Fri Mar 22 16:26:57 UTC 2019
On Fri, Mar 22, 2019, 15:32 Lejia Chen <monsoon.cl at gmail.com> wrote:
> Environment: Fedora 29, systemd version: 241. (My NetworkManager uses
> systemd-resolved as a DNS resolver.)
>
> I set up a VPN, and my VPN created a virtual interface (named tun0). I use
> iptables to mark some processes' packets and let these packets go through
> this virtual interface.
>
> I add a DNS server on this tun0 device, and want those marked processes to use
> this DNS server to resolve domains. Also I want other processes to use my default
> network interface's (named enp7s0) DNS server to resolve domains. The marked
> processes don't use the enp7s0 interface's DNS, and other processes don't use the
> tun0 interface's DNS.
>
> I have tried to configure my interface DNS settings many times, but I still can't
> solve my problem. systemd-resolved always sends DNS resolve requests to
>
There's the key part: *systemd-resolved* sends the DNS requests, not your
processes themselves. So the iptables rules are never matched, because the
packets are generated by a different process with a different UID.
There is no way for systemd-resolved to know what fwmark would have been
applied to the original process; iptables rules are only known to iptables
itself.
(In fact, if you use the DNS emulation at 127.0.0.53, I'm not sure whether
systemd-resolved even knows which process sent the request...)
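The practical consequence of the point above is a DNS leak: an application whose packets are marked and policy-routed through tun0 still has its name lookups sent by systemd-resolved, from that daemon's own UID and without the application's fwmark, so they follow the default route. The following script is an added example, not part of this thread or of systemd, that audits for exactly that condition. It assumes the process marking is done with `-m owner --uid-owner` in the mangle table (the original poster did not say how the marking is done) and works on constructed copies of `/etc/resolv.conf` and `iptables-save -t mangle` output so it runs offline; on a real host you would feed it the actual files instead.

```shell
#!/bin/sh
# Audit: do per-process (uid-owner) fwmark rules cover DNS traffic, or does
# DNS bypass them via the systemd-resolved stub listener at 127.0.0.53?

# Constructed sample of /etc/resolv.conf on a host where NetworkManager hands
# DNS to systemd-resolved (not captured from the poster's machine).
RESOLV_CONF='# This file is managed by man:systemd-resolved(8). Do not edit.
nameserver 127.0.0.53
options edns0
search example.lan'

# Constructed sample of `iptables-save -t mangle`: packets owned by uid 1001
# get fwmark 0x1, which a policy-routing rule would then send via tun0.
MANGLE_RULES='*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 1001 -j MARK --set-xmark 0x1/0xffffffff
COMMIT'

# True (exit 0) when resolv.conf points at the systemd-resolved stub listener.
# In that case every upstream DNS query is sent by systemd-resolved itself.
uses_resolved_stub() {
    printf '%s\n' "$1" |
        grep -Eq '^nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)'
}

# Print each uid (or user name) that the mangle rules mark with -m owner.
marked_uids() {
    printf '%s\n' "$1" |
        sed -n 's/.*--uid-owner \([^[:space:]]*\).*/\1/p'
}

# Classify the combination:
#   no-owner-marks : nothing is marked per process, nothing to check
#   stub-bypass    : marks exist, but DNS goes through 127.0.0.53, so the
#                    upstream query carries systemd-resolved's uid, not the
#                    application's, and never matches the owner rule
#   direct         : the application's own socket sends the query, so the
#                    owner match (and therefore the fwmark) applies to DNS too
dns_mark_status() {
    resolv="$1"
    rules="$2"
    uids=$(marked_uids "$rules")
    if [ -z "$uids" ]; then
        echo "no-owner-marks"
    elif uses_resolved_stub "$resolv"; then
        echo "stub-bypass"
    else
        echo "direct"
    fi
}

# Human-readable report for the constructed input.
report() {
    status=$(dns_mark_status "$RESOLV_CONF" "$MANGLE_RULES")
    echo "marked uids: $(marked_uids "$MANGLE_RULES" | tr '\n' ' ')"
    echo "dns status : $status"
    case "$status" in
        stub-bypass)
            echo "DNS for the marked uids is sent by systemd-resolved and"
            echo "will not carry their fwmark; it follows the default route." ;;
    esac
}

report
```

On a live system, `resolvectl status` shows which DNS servers are attached to each link, and the stub address in `/etc/resolv.conf` is what tells you that the application never talks to those servers directly; the classification above is the same check reduced to those two inputs.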