[dns-operations] Split view autoconfiguration

Petr Menšík pemensik at redhat.com
Thu Nov 12 12:59:45 UTC 2020


Hello DNS experts, Hi Paul,

I am looking for the correct way to autoconfigure split DNS. By that, I mean
something that dnssec-trigger prepares when I connect to our enterprise
VPN. It keeps most of the queries to the servers provided by the original
connection.

But for special internal domains, it redirects queries on the locally running
unbound server to addresses provided by the VPN connection. systemd-resolved
and dnsmasq configured by NetworkManager behave in a similar way.

I think they use DHCP option 119 [1], which was originally used for
a different thing. It is already used and can be used as a hint. But its
purpose is to search relative names. I found only explicit configuration
for IKEv2 [2], which provides the required information.

Am I missing a standard way to pass internal domains on VPN connections
for different types? Is there any best practice or recommendation on how to
configure it in general?

Is it so uncommon to have a split horizon setup with an internal connection?
I hope I just don't know the correct terminology; could you help with that?
Is there a DHCP option 119 alternative, which means a list of internal
domains without additional search hints? Is there another way to configure it?

Thank you in advance.
Best regards,
Petr

1. https://tools.ietf.org/html/rfc3397
2. https://tools.ietf.org/html/rfc8598
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
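
An added example, not part of the original post: a decoder for the RFC 3397 option 119 payload mentioned above, plus the label-boundary suffix match a stub resolver would need to send only internal names to the VPN-provided server. The payload, the domain names and both resolver addresses are constructed for illustration.

```python
# Added example. The payload and resolver addresses are constructed.
VPN_DNS, DEFAULT_DNS = "192.0.2.53", "198.51.100.53"   # hypothetical resolvers
# "corp.example.com" followed by "lab" + compression pointer to offset 5
SAMPLE_OPT119 = b"\x04corp\x07example\x03com\x00" + b"\x03lab\xc0\x05"

def decode_search_list(data):
    """Decode an RFC 3397 option 119 payload into lowercase domain names."""
    names, pos = [], 0
    while pos < len(data):
        labels, cur, limit, resume = [], pos, pos, None
        while True:
            if cur >= len(data):
                raise ValueError("truncated name")
            length = data[cur]
            if length == 0:                       # root label ends the name
                cur += 1
                break
            if length & 0xC0 == 0xC0:             # RFC 1035 compression pointer
                if cur + 1 >= len(data):
                    raise ValueError("truncated pointer")
                target = ((length & 0x3F) << 8) | data[cur + 1]
                if target >= limit:               # only strictly backward jumps,
                    raise ValueError("bad pointer")   # so parsing always terminates
                if resume is None:
                    resume = cur + 2              # next name starts after 1st pointer
                cur = limit = target
                continue
            if length & 0xC0 or cur + 1 + length > len(data):
                raise ValueError("bad label")
            labels.append(data[cur + 1:cur + 1 + length].decode("ascii").lower())
            cur += 1 + length
        names.append(".".join(labels))
        pos = cur if resume is None else resume
    return names

def pick_resolver(qname, internal, vpn_dns=VPN_DNS, default_dns=DEFAULT_DNS):
    """Route to the VPN resolver only for names inside an internal domain."""
    q = qname.rstrip(".").lower()
    for d in internal:
        # Match whole labels only, and ignore an empty (root) entry so a
        # pushed "." cannot capture every query.
        if d and (q == d or q.endswith("." + d)):
            return vpn_dns
    return default_dns
```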