Re: DNS settings...
- Subject: Re: DNS settings...
- From: Matthew Bogosian <email@hidden>
- Date: Sun, 18 Sep 2005 18:09:58 -0700
I'm having a bit of trouble with SupplementalMatchDomains myself. I
found this previous thread (which seems related):
<http://lists.apple.com/archives/Macnetworkprog/2005/Jun/msg00011.html>.
However, it doesn't seem to work as advertised.

I'm using OpenVPN <http://openvpn.net/> as my VPN connection
application. It uses /dev/tun0 as its network interface. Here is the
output for the interface from ifconfig after the connection has been
established:

    tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet <LOCAL_VPN_IP> --> <REMOTE_VPN_IP> netmask 0xffffffff
            open (pid 1014)

The network to which I am connecting has a dummy (intranet) domain
name (e.g., "domain.dom") with its own DNS server at <VPN_DNS_IP>
used to resolve names in that dummy domain (e.g., "www.domain.dom").
What I would like to do is configure the OS X resolver to forward all
requests for resolving domain.dom names to <VPN_DNS_IP>, but use my
existing DNS configuration for all other requests.

After the VPN connection is made, I issue the following commands (as
root) via scutil:

    d.init
    d.add Addresses * <LOCAL_VPN_IP>
    d.add DestAddresses * <REMOTE_VPN_IP>
    d.add InterfaceName tun0
    set State:/Network/Service/domain-dom-tun0/IPv4
    d.init
    d.add ServerAddresses * <VPN_DNS_IP>
    d.add SupplementalMatchDomains * domain.dom
    set State:/Network/Service/domain-dom-tun0/DNS
    quit

After entering these commands, I can see the new resolver entry in
the output of 'scutil --dns', but domain.dom *also* gets added to the
default resolver:

    DNS configuration

    resolver #1
      domain : myisp.net
      search domain[0] : domain.dom <- HUH?!
      search domain[1] : myisp.net
      nameserver[0] : <MY_ISP_IP>
      order : 200000

    resolver #2
      domain : domain.dom
      nameserver[0] : <VPN_DNS_IP>
      order : 100600
    ...

What gives? Any help would be very much appreciated (incidentally,
I'm running 10.4).

--Matt

On Sep 9, 2005, at 10:04 PM, John Haskey wrote:
On Fri, 9 Sep 2005, John Haskey wrote:

In June there was a thread entitled "Temporarily changing DNS servers
and search domains in Tiger" which I've read with interest. I've been
experimenting with the suggestions offered in that thread with
little success.

In my 'vpn-ish' application I too am using the tun device. Prior to
Tiger I modified resolv.conf when I wanted to add additional nameservers
(at the beginning of the list) and also additional domains on the
'search' line.

Following up my own post, after some more work I've had limited success.
But it would be great if someone could point me to some good documentation
on how the 'new' DNS stuff works, what keys are required (looks like
SupplementalMatchDomains is key in some way) and how they all interact.

The SupplementalMatchDomains key comes into play when you have a
(non-"primary") service that wants to direct DNS requests for
specific domain names to an alternate set of servers. For example,
let's say you have a service which includes the following DNS
dictionary:

    <dict>
        <key>SupplementalMatchDomains</key>
        <array>
            <string>foo.com</string>
        </array>
        <key>ServerAddresses</key>
        <array>
            <string>10.0.1.1</string>
        </array>
    </dict>

In this case, any DNS queries for the "foo.com" domain will be directed
to the 10.0.1.1 [DNS] server.

If this is the "primary" service then the SupplementalMatchDomains
key is ignored (and we use the DomainName and SearchDomains keys to
establish the baseline DNS configuration).
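
Added example (not part of the original message, and not Apple's or OpenVPN's code): a Python parser for the `scutil --dns` output format quoted above that reports the condition described in the message, a domain served by a supplemental resolver that also appears in the default resolver's search list. The sample text and its addresses are constructed, and treating resolver #1 as the default resolver is an assumption taken from the quoted output.

```python
import re

# Constructed sample in the format of the `scutil --dns` output quoted above;
# the nameserver addresses are placeholders, not values from the thread.
SAMPLE = """\
DNS configuration
resolver #1
  domain : myisp.net
  search domain[0] : domain.dom
  search domain[1] : myisp.net
  nameserver[0] : 192.0.2.53
  order : 200000
resolver #2
  domain : domain.dom
  nameserver[0] : 198.51.100.53
  order : 100600
"""

def parse_scutil_dns(text):
    """Parse resolver blocks into dicts (domain, search, nameservers, order)."""
    resolvers, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"resolver #(\d+)$", line)
        if m:  # start of a new resolver block
            cur = {"number": int(m.group(1)), "domain": None,
                   "search": [], "nameservers": [], "order": None}
            resolvers.append(cur)
            continue
        if cur is None or ":" not in line:
            continue
        # Split on the first colon only, so IPv6 nameserver values survive.
        key, value = (part.strip() for part in line.split(":", 1))
        key = re.sub(r"\[\d+\]$", "", key)  # "search domain[0]" -> "search domain"
        if key == "domain":
            cur["domain"] = value
        elif key == "search domain":
            cur["search"].append(value)
        elif key == "nameserver":
            cur["nameservers"].append(value)
        elif key == "order":
            cur["order"] = int(value)
    return resolvers

def match_domains_in_default_search(resolvers):
    """Assumption: resolver #1 is the default; the rest are supplemental."""
    matched = {r["domain"] for r in resolvers[1:] if r["domain"]}
    return [d for r in resolvers[:1] for d in r["search"] if d in matched]
```

On a Mac the input would be the text printed by `scutil --dns`; any key other than the four shown in the quoted output is ignored.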