Local domains trying to get resolved by system DNS
After updating from 0.5.5j to 0.5.5k, my local domain names (i.e. example.home) are being sent to system DNS, which cannot resolve them, obviously. Everything else is getting sent to my DNS as per my settings.
On top of that, local traffic on 192.168.0.0/16 subnet is blocked unless specifically allowed by firewall rules. Going to 0.5.5l did not solve this issue.
Is that a bug or was this behaviour changed on purpose? If done on purpose, what's the reasoning behind this?

> Is that a bug or was this behaviour changed on purpose?

On purpose: #1466

> If done on purpose, what's the reasoning behind this?

Some folks have .local, .lan, .internal etc configured on System DNS. Unfortunately, changing the behaviour has now broken your workflow.

> my local domain names (i.e. example.home) are being sent to system DNS

I guess we should introduce a new setting that lets users decide just which DNS should resolve local domains?
Yes, a setting to control that behaviour would be great. I'll stay on 0.5.5j for now.
Thank you for the quick response :)
Related feature request from Matrix (by @deknos82:matrix.org).
10:21 AM can someone please make some official domains, which should be only for non-routable and/or for non-unicast-dns-zones? with ipv6 this need increases quite much as no one wants to remember the long ips.
10:23 AM something like, please reserve *.lan, *.wan, *.man, *.link, *.site, *.multi, *.cast, and *.{lan,wan,man,link,multi.site}.cast?
Thanks.
> Related feature request from Matrix (by @deknos82:matrix.org). something like, please reserve *.lan, *.wan, *.man, *.link, *.site, *.multi, *.cast, and *.{lan,wan,man,link,multi.site}.cast?

Do they want these (uncommon?) domains to be sent to System DNS?

> Do they want these (uncommon?) domains to be sent to System DNS?

They... Both want the ability to have them sent to system DNS, and the ability to customize said endpoint...
Though I guess only normal UDP 53 DNS should be supported for a custom endpoint, as I don't think it's possible to issue a TLS certificate for LAN, and DNSCrypt... Isn't exactly needed?
Gotcha.
> Both want the ability to have them sent to system DNS

Covered by #1153

> the ability to customize said endpoint...

To send certain top-level domains to specific upstreams? Depends on us impl support for multiple active DNS upstreams: #824 (which is in fact already supported but the UI is complicated for it and so it remains hidden away).
I have the problem that I'm not able to get access to my local lan over VPN. I try to route everything over VPN (even at home). I was successful in my own lan but not on mobile connection. That means somehow local IPs could bypass my vpn.
Could I do something against that?
> That means somehow local IPs could bypass my vpn.

Only if you turn ON Do not route Private IPs in Configure -> Network. Otherwise, this shouldn't happen.

> access to my local lan over VPN

Rethink runs WireGuard in "proxy" mode and not "VPN" mode. The problem this leads to is that certain scenarios (LAN) don't yet work. We are trying to see what we can do to improve this, but thus far haven't been able to make much progress (the solution isn't simple).
See:
- #1725
- #1660
- #1618
- etc
> Only if you turn ON Do not route Private IPs in Configure -> Network. Otherwise, this shouldn't happen.

This entry is deactivated and greyed out because of Lockdown-Mode.
Rethink v0.5.5n from f-droid
> This entry is deactivated and greyed out because of Lockdown-Mode.

> Only if you turn ON Do not route Private IPs in Configure -> Network. Otherwise, this shouldn't happen.

> I was successful in my own lan but not on mobile connection. That means somehow local IPs could bypass my vpn.

If the local IP bypasses a "lockdown mode" VPN, the ROM (the OS) may be at fault. It isn't supposed to bypass a "lockdown mode" VPN.
Regardless, LAN access over Rethink's WireGuard impl is a work-in-progress (though, I must say that my attempts to make it work have thus far been futile :( Haven't given up, I am trying still...).
I use LineageOS, as far the original WireGuard VPN worked.