DNS
It's always DNS...
Split DNS Requests
I often use a VPN to connect to corporate resources, which have their own internal DNS at e.g., `corp.domain.com`. If I SSH into a machine, I want my connection to automatically append the domain to the hostname, then perform the right lookup to route me there properly. Coincidentally, I also want the same to connect to my own homelab resources, which are typically under `home.chza.me`. Again, if I have a host on `info-highway.home.chza.me`, I want to type `ssh info-highway` and have it automatically route me to the correct place.
This can be done with per-interface DNS routing, usually called split DNS (the name-resolution counterpart of VPN split tunnelling), and can be configured with most network configuration management tools in Linux. In my testing, I have set this up on both a `NetworkManager`-based system and a `systemd-networkd` system.
General Learnings
- Routing domains send queries for that domain (and its subdomains) to the interface's DNS servers, but are not appended to unqualified names
- Search domains are appended to a single-label hostname, e.g., with a `home.chza.me` search domain, `diving-orca` is looked up as `diving-orca.home.chza.me`
- You configure both (temporarily, until the interface is reconfigured) with `resolvectl domain <interface> [~]domain.com`
  - Use `domain.com` for search and routing
  - Use `~domain.com` if you only want to route `*.domain.com`
- Use `systemd-resolved` to create a proof of concept, with `resolvectl dns` and `resolvectl domain`, and check what is actually active with `resolvectl status <interface>`
- Persist this in the network configuration manager if it is a permanent part of the system (e.g., a fixed wired interface)
  - For `systemd-networkd`, added `Domains=home.chza.me iot.chza.me` to `/etc/systemd/network/10-enp34s0.network`
  - For `NetworkManager`, set the domain with `sudo nmcli device modify eth0 ipv4.dns-search "home.chza.me iot.chza.me"`; note that `nmcli device modify` only changes the running device state and is lost when the connection is re-activated, so for a change that sticks apply it to the profile instead with `sudo nmcli connection modify <profile> ipv4.dns-search "home.chza.me iot.chza.me"` (the profile name is whatever `nmcli connection show` lists for the device)
  - Both accept the same `~` prefix for routing-only domains
- Use `resolvectl` to manage it if it is e.g., a WireGuard interface brought up by hand; with `wg-quick`, a `DNS =` line in the `[Interface]` section sets both the servers (IP addresses) and the search domains (non-IP names) for you
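To see what the two forms of `resolvectl domain` actually do to a query, here is a small Python model of the per-link search and routing logic. It is an added example, not code from this page or from systemd; the interface names, servers and domains are made up, and the longest-suffix-wins routing (with `~.` as the catch-all) is a simplified reading of what `systemd-resolved` does.

```python
"""Model of systemd-resolved's per-link search vs. routing domains.

Added illustration for the notes above, not code from the page and not
systemd's implementation. It encodes the two rules the notes give
(`domain.com` = search + routing, `~domain.com` = routing only) plus the
`~.` catch-all, and assumes longest-suffix-wins routing in a simplified
form. Interface names, servers and domains are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Link:
    name: str
    dns: list[str]
    # Exactly what you would hand to `resolvectl domain <name> ...`
    domains: list[str] = field(default_factory=list)

    def search_domains(self) -> list[str]:
        # Only un-prefixed entries complete single-label names.
        return [d for d in self.domains if not d.startswith("~")]

    def routing_domains(self) -> list[str]:
        # Every entry routes; drop the '~' so both spellings compare alike.
        return [d.lstrip("~") for d in self.domains]


# Constructed sample configuration (assumed names and addresses).
LINKS = [
    Link("enp34s0", ["192.168.1.1"], ["home.chza.me", "iot.chza.me"]),  # search + route
    Link("tun0", ["10.8.0.1"], ["~corp.domain.com"]),                   # route only
    Link("wlan0", ["1.1.1.1"], ["~."]),                                  # default route
]


def qualify(name: str, links: list[Link] = LINKS) -> list[str]:
    """Return the names actually looked up for what the user typed.

    A single-label name is completed with every search domain on every
    link; anything already containing a dot is used as-is (the model
    ignores resolved's ndots handling for multi-label names).
    """
    if "." in name:
        return [name.rstrip(".").lower()]
    return [f"{name}.{dom}".lower() for link in links for dom in link.search_domains()]


def route(fqdn: str, links: list[Link] = LINKS) -> list[str]:
    """Names of the link(s) whose routing domain is the longest suffix of fqdn.

    '~.' is the empty domain: it matches everything but with zero labels,
    so it only wins when nothing more specific does. Equal-length matches
    on several links all receive the query.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    best: list[str] = []
    best_len = -1
    for link in links:
        for dom in link.routing_domains():
            dom_labels = [] if dom in ("", ".") else dom.lower().split(".")
            n = len(dom_labels)
            if n and labels[-n:] != dom_labels:
                continue
            if n > best_len:
                best, best_len = [link.name], n
            elif n == best_len and link.name not in best:
                best.append(link.name)
    return best


def resolve(name: str, links: list[Link] = LINKS) -> dict[str, list[str]]:
    """Map each candidate FQDN for `name` to the link(s) that would serve it."""
    return {cand: route(cand, links) for cand in qualify(name, links)}


if __name__ == "__main__":
    for typed in ("info-highway", "git.corp.domain.com", "corp", "example.org"):
        print(f"{typed!r} -> {resolve(typed)}")
```

Two things worth noticing when you run it: `corp` on its own is never completed to `corp.corp.domain.com`, because `~corp.domain.com` is routing-only, and a bare `chza.me` falls through to the default-route interface rather than the homelab resolver, since it is not a subdomain of `home.chza.me`. That second case is the one to check with `resolvectl query` after a real configuration, because it is where a query can leave through a different interface than you expected.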