[systemd-devel] Can not resolve DNS per interface

Lejia Chen monsoon.cl at gmail.com
Sat Mar 23 08:19:47 UTC 2019


I guess I need to try to work around my problem in some other way (like
disabling systemd-resolved and using iptables to redirect my DNS requests).
Thank you anyway.

On Sat, Mar 23, 2019 at 12:27 AM Mantas Mikulėnas <grawity at gmail.com> wrote:

>
>
> On Fri, Mar 22, 2019, 15:32 Lejia Chen <monsoon.cl at gmail.com> wrote:
>
>> Environment: Fedora 29, systemd version: 241. (My NetworkManager uses
>> systemd-resolved as its DNS resolver.)
>>
>> I set up a VPN, and my VPN created a virtual interface (named tun0). I use
>> iptables to mark some processes' packets and let these packets go through
>> this virtual interface.
>>
>> I added a DNS server on this tun0 device, and want those marked processes to
>> use this DNS server to resolve domains. I also want other processes to use my
>> default network interface's (named enp7s0) DNS server to resolve domains. The
>> marked processes don't use the enp7s0 interface's DNS server, and other
>> processes don't use the tun0 interface's DNS server.
>>
>> I have tried to configure my interface DNS settings many times, but I still
>> can't solve my problem. systemd-resolved always sends DNS resolve requests
>> to
>>
>
> There's the key part: *systemd-resolved* sends the DNS requests – not
> your processes themselves. So the iptables rules are never matched, because
> the packets are generated by a different process with a different UID.
>
> There is no way for systemd-resolved to know what fwmark would have been
> applied to the original process; iptables rules are only known to iptables
> itself.
>
> (In fact, if you use the DNS emulation at 127.0.0.53, I'm not sure whether
> systemd-resolved even knows which process sent the request...)
>
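The check the reply above implies, as an added example that is not part of the thread: confirm that the 127.0.0.53 stub listener belongs to systemd-resolved, because that is the process whose packets any port-53 iptables rule actually sees, not the application that called the resolver. The `ss -lunp` output embedded below is constructed for offline use (it is not output from the poster's machine), and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads `ss -lunp` output and reports
# which process owns the 127.0.0.53:53 stub listener. With --live it parses the
# real listener table (process names need root); otherwise it uses SAMPLE_SS.

# Constructed sample of `ss -lunp` output for offline use.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=12))
UNCONN 0      0      0.0.0.0:68          0.0.0.0:*         users:(("NetworkManager",pid=701,fd=22))'

# stub_owner: read ss -lunp output on stdin and print the name of the process
# bound to 127.0.0.53:53 (ss renders the address as 127.0.0.53%lo:53).
# Prints nothing when no such listener is present.
stub_owner() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^127\.0\.0\.53(%[^:]+)?:53$/) {
                # users:(("name",pid=N,fd=M)) -> extract name between the quotes
                if (match($0, /users:\(\("[^"]+"/)) {
                    print substr($0, RSTART + 9, RLENGTH - 10)
                }
            }
        }
    }'
}

# report: print a one-line verdict for an owner name (empty means no stub).
report() {
    if [ -z "$1" ]; then
        echo "no listener on 127.0.0.53:53: applications talk to upstream DNS directly"
    else
        echo "127.0.0.53:53 is owned by '$1': it, not the application, sends upstream queries"
    fi
}

if [ "${1-}" = "--live" ] && command -v ss >/dev/null 2>&1; then
    owner=$(ss -lunp 2>/dev/null | stub_owner)
else
    owner=$(printf '%s\n' "$SAMPLE_SS" | stub_owner)
fi
report "$owner"
```

Run it with `--live` as root to inspect the real listener table. When the owner comes back as `systemd-resolve`, the only owner match available for the upstream queries is `-m owner --uid-owner systemd-resolve`, and that matches every query resolved forwards rather than only those asked by a particular marked application, which is the limitation the reply describes.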