What is currently missing in my opinion is a flexible way to decide
which connections are used for default DNS queries (those not matching
any lookup domain).
A possible way to do this is to choose connections that have the
highest value of a new 'dns.default-priority' property. Since we want
to have default values that work for most users, the default value of
the property would be 'auto' (0), which means:
* 1000 for full-tunnel VPNs
* 500 for non-VPN connections
* -1 for split-tunnel VPNs. -1 means that the connection is never
used for default DNS lookups
For example, if you have a full-tunnel VPN with search domain
'example.com' and a local connection with search domain 'local.com',
the following entries would be added to dnsmasq:
  /example.com/VPN-nameserver
  /local.com/local-nameserver
  VPN-nameserver # default
But if the VPN is split-tunnel (doesn't get the default route):
  /example.com/VPN-nameserver
  /local.com/local-nameserver
  local-nameserver # default
If you want all queries to go through the full-tunnel VPN with no
exceptions, also set ipvx.dns-priority to -1 for the VPN and dnsmasq will
be configured with:
  /example.com/VPN-nameserver
  VPN-nameserver # default
BTW, for ipvx.dns-priority we consider lower values with higher
priority while for dns.default-priority it's the other way around. I
believe doing ipvx.dns-priority that way was a mistake because it is
counterintuitive.
Users can also set a custom value for dns.default-priority to tweak the
configuration to their needs.
What do you think? Any other ideas?
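
Added example, not part of the original message and not NetworkManager code: a small Python model of the proposed selection rule that reproduces the three dnsmasq layouts above, so you can check which nameserver would receive unmatched queries. The Conn class, its field names and the scenario() helper are hypothetical; the handling of a negative ipvx.dns-priority is an assumption taken from the third example.

```python
from dataclasses import dataclass

AUTO, NEVER = 0, -1  # dns.default-priority: 'auto' (0); -1 = never used for default lookups

@dataclass
class Conn:  # hypothetical model of a connection, not a NetworkManager type
    nameserver: str
    search: str
    is_vpn: bool = False
    default_route: bool = True    # a VPN that gets the default route is full-tunnel
    dns_priority: int = 0         # ipvx.dns-priority (0 = unset in this model)
    default_priority: int = AUTO  # proposed dns.default-priority

def effective_default_priority(c):
    """Resolve 'auto' to the values listed in the message."""
    if c.default_priority != AUTO:
        return c.default_priority
    if not c.is_vpn:
        return 500
    return 1000 if c.default_route else NEVER

def dnsmasq_entries(conns):
    """Return entries in the message's shorthand notation."""
    # Assumption drawn from the third example: a negative ipvx.dns-priority
    # drops every connection with a numerically greater value.
    lowest = min((c.dns_priority for c in conns), default=0)
    if lowest < 0:
        conns = [c for c in conns if c.dns_priority == lowest]
    entries = [f"/{c.search}/{c.nameserver}" for c in conns]
    # Default lookups go to the highest dns.default-priority that is not -1.
    ranked = [(effective_default_priority(c), c) for c in conns]
    usable = [(p, c) for p, c in ranked if p != NEVER]
    if usable:
        best = max(p for p, _ in usable)
        entries += [f"{c.nameserver} # default" for p, c in usable if p == best]
    return entries

def scenario(vpn_default_route=True, vpn_dns_priority=0):
    """Constructed sample: one VPN (example.com) and one local link (local.com)."""
    vpn = Conn("VPN-nameserver", "example.com", is_vpn=True,
               default_route=vpn_default_route, dns_priority=vpn_dns_priority)
    local = Conn("local-nameserver", "local.com")
    return dnsmasq_entries([vpn, local])

if __name__ == "__main__":
    for kwargs in ({}, {"vpn_default_route": False}, {"vpn_dns_priority": -1}):
        print(kwargs, *scenario(**kwargs), sep="\n  ")
```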