Resolve some hosts that are dnssec signed differently
Petr Špaček
pspacek at isc.org
Wed Feb 8 14:40:47 UTC 2023
On 07. 02. 23 7:45, Matthias Fechner wrote:
>
> So if I would like to access idefix.fechner.net it makes a DNS lookup
> which returns the A record for idefix.fechner.net and it sees it does
> not belong to my interface so it uses the default gateway to go to my
> internet provider. It reaches my server in the internet, is routed into
> the openvpn tunnel and goes through my local firewall through a policy
> based NAT to a local IP (192.168.200.x). So you see that is not very
> efficient.
>
> My idea was to hook into the DNS and make sure to not return the IPv4
> address 195.30.95.36, but 192.168.0.1 (as all my devices at home are
> using my local bind here for lookup).
>
> I hope that explains it better what I would like to solve.

It seems to me that you are trying to fix routing problem/suboptimality
in DNS... Perhaps consider routing 195.30.95.36 to the appropriate host
in your network directly - that way you don't have to do anything in the
DNS.
--
Petr Špaček