Network Manager, Dnssec and VPN

I want dnssec resolution on my desktop fedora.
sudo dnf install unbound dnssec-trigger
sudo systemctl enable unbund
sudo systemctl start unbound dnssec-trigger

sudo vi /etc/NetworkManager/Networkmanager.conf
add dns=unbound
sudo systemctl restart NetworkManager

/etc/resolv.conf contains so unbound is used to resolve cool !!!

Before that I would get resol.conf populated by dhcp.

I’m using opnevpn and it pushes somethinlike :
domaine.xxxx domain.yyyy

When dnssec-trigger manages resolv.conf, I can’t resolve internal names anymore. Is there a way to configure unbound+networkmanager+dsnsec-trigger so that when the vpn is up I can resolve namees using the 10.X 10.Y dns entries ?

1 Like

You can either ignore DNS from the VPN connection:

nmcli connection modify VPN_CON ipv4.ignore-auto-dns yes ipv6.ignore-auto-dns yes

Or use split-DNS and DNSSEC via systemd-resolved:

sudo systemctl --now enable systemd-resolved.service
sudo ln -r -s -f /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
sudo systemctl restart NetworkManager.service
resolvectl status