[systemd-devel] systemd-resolved not working in a realistic scenario

Farkas Levente lfarkas at lfarkas.org
Thu Apr 27 12:46:09 UTC 2023


Hi,

I already read many docs about systemd-resolved, but am still not able to 
solve my very simple use case for name resolution.

Suppose we've two (not only one!) private/internal domains and both of 
them have a separate DNS server, e.g.:
- domain: a.com dns: 1.2.3.4
- domain: b.com dns: 5.6.7.8

Assume we use a VPN and we only have access to these domains and DNS servers 
when we are connected to the VPN. What's more, we use some WireGuard VPN 
solutions like Tailscale, Netbird or Netmaker. This is important since 
these have their own internal DNS servers and domains. The DNS servers 
usually listen on the local IP address of the WireGuard interface, e.g.:
- domain: netbird.cloud dns: 100.76.1.2

This means I've 2 interfaces:
- enp6s0 (lan)
- wt0 (wireguard)

What I'd like to achieve:
- if the VPN is not connected:
   - all DNS queries go to 8.8.8.8
- if the VPN is connected:
   - netbird.cloud goes to 100.76.1.2
   - a.com goes through wt0 to 1.2.3.4
   - b.com goes through wt0 to 5.6.7.8
   - all other domains go to 8.8.8.8
   - and of course my search domains are netbird.cloud a.com b.com

As far as I see, systemd-resolved assumes all DNS servers on the same 
interface have the same role and serve the same domains (which is not true 
in this case). If I start systemd-networkd I've only one list for DNS and 
one for domains. Even though I can define
DNS=100.76.1.2%wt0#netbird.cloud 1.2.3.4%wt0#a.com 5.6.7.8%wt0#b.com
it's not working. And if I also add
Domains=netbird.cloud a.com b.com
that doesn't help either.

So can I configure more domains to different DNS server(s) on the same 
interface or not? How can I configure more DNS servers for one domain? 
E.g. can a.com have 2 DNS servers?

What's more, if it's a laptop and I go to the office, where the a.com 
and b.com domains no longer need to be routed (since these are the 
internal domains) BUT the VPN connection is still required and the 
netbird.cloud domain still has to be resolved on the wt0 
interface, then I can't put this into an interface-specific 
.network config file since wt0 is up both at the office and at home.

IMHO this is a very realistic setup where I've more than one domain and 
more than one DNS server.

Is it currently not possible or just way too complicated?

Thanks in advance.

Regards.


PS. Anyway, this 1.2.3.4%wt0#a.com configuration reminds me of the old 
sendmail config files, which were so cryptic that no one could configure them.

-- 
Levente                               "Si vis pacem para bellum!"

