- Без установки туннеля (VPN-соединения)
- # cat /etc/resolv.conf
- # This file is managed by man:systemd-resolved(8). Do not edit.
- #
- # This is a dynamic resolv.conf file for connecting local clients to the
- # internal DNS stub resolver of systemd-resolved. This file lists all
- # configured search domains.
- #
- # Run "systemd-resolve --status" to see details about the uplink DNS servers
- # currently in use.
- #
- # Third party programs must not access this file directly, but only through the
- # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
- # replace this symlink by a static file or a different symlink.
- #
- # See man:systemd-resolved.service(8) for details about the supported modes of
- # operation for /etc/resolv.conf.
- nameserver 127.0.0.53
- options edns0
- systemd-resolve --status
- Global
- DNSSEC NTA: 10.in-addr.arpa
- 16.172.in-addr.arpa
- 168.192.in-addr.arpa
- 17.172.in-addr.arpa
- 18.172.in-addr.arpa
- 19.172.in-addr.arpa
- 20.172.in-addr.arpa
- 21.172.in-addr.arpa
- 22.172.in-addr.arpa
- 23.172.in-addr.arpa
- 24.172.in-addr.arpa
- 25.172.in-addr.arpa
- 26.172.in-addr.arpa
- 27.172.in-addr.arpa
- 28.172.in-addr.arpa
- 29.172.in-addr.arpa
- 30.172.in-addr.arpa
- 31.172.in-addr.arpa
- corp
- d.f.ip6.arpa
- home
- internal
- intranet
- lan
- local
- private
- test
- Link 5 (br-9f3b065f82d6)
- Current Scopes: none
- LLMNR setting: yes
- MulticastDNS setting: no
- DNSSEC setting: no
- DNSSEC supported: no
- Link 4 (docker0)
- Current Scopes: none
- LLMNR setting: yes
- MulticastDNS setting: no
- DNSSEC setting: no
- DNSSEC supported: no
- Link 3 (wlo1)
- Current Scopes: none
- LLMNR setting: yes
- MulticastDNS setting: no
- DNSSEC setting: no
- DNSSEC supported: no
- Link 2 (enp4s0)
- Current Scopes: DNS
- LLMNR setting: yes
- MulticastDNS setting: no
- DNSSEC setting: no
- DNSSEC supported: no
- DNS Servers: 8.8.8.8
- 8.8.4.4
- DNS Domain: ~.
- После установки туннеля (VPN-соединения)
- # cat /etc/resolv.conf
- options edns0
- nameserver 10.31.70.1
- nameserver 10.31.70.2
- search vpn-zagreb.spribe.io
- # systemd-resolve --status
- Global
- DNSSEC NTA: 10.in-addr.arpa
- 16.172.in-addr.arpa
- 168.192.in-addr.arpa
- 17.172.in-addr.arpa
- 18.172.in-addr.arpa
- 19.172.in-addr.arpa
- 20.172.in-addr.arpa
- 21.172.in-addr.arpa
- 22.172.in-addr.arpa
- 23.172.in-addr.arpa
- 24.172.in-addr.arpa
- 25.172.in-addr.arpa
- 26.172.in-addr.arpa
- 27.172.in-addr.arpa
- 28.172.in-addr.arpa
- 29.172.in-addr.arpa
- 30.172.in-addr.arpa
- 31.172.in-addr.arpa
- corp
- d.f.ip6.arpa
- home
- internal
- intranet
- lan
- local
- private
- test
- Global
- DNSSEC NTA: 10.in-addr.arpa
- 16.172.in-addr.arpa
- 168.192.in-addr.arpa
- 17.172.in-addr.arpa
- 18.172.in-addr.arpa
- 19.172.in-addr.arpa
- 20.172.in-addr.arpa
- 21.172.in-addr.arpa
- 22.172.in-addr.arpa
- 23.172.in-addr.arpa
- 24.172.in-addr.arpa
- 25.172.in-addr.arpa
- 26.172.in-addr.arpa
- 27.172.in-addr.arpa
- 28.172.in-addr.arpa
- 29.172.in-addr.arpa
- 30.172.in-addr.arpa
- 31.172.in-addr.arpa
- corp
- d.f.ip6.arpa
- home
- internal
- intranet
- lan
- local
- private
- test
- Link 28 (tun0)
- Current Scopes: none
- LLMNR setting: yes
- MulticastDNS setting: no
- DNSSEC setting: no
- DNSSEC supported: no
- Link 5 (br-9f3b065f82d6)
- Current Scopes: none
- LLMNR setting: yes
- MulticastDNS setting: no
- DNSSEC setting: no
- DNSSEC supported: no
- Link 4 (docker0)
- Current Scopes: none
- LLMNR setting: yes
- MulticastDNS setting: no
- DNSSEC setting: no
- DNSSEC supported: no
- Link 3 (wlo1)
- Current Scopes: none
- LLMNR setting: yes
- MulticastDNS setting: no
- DNSSEC setting: no
- DNSSEC supported: no
- Link 2 (enp4s0)
- Current Scopes: DNS
- LLMNR setting: yes
- MulticastDNS setting: no
- DNSSEC setting: no
- DNSSEC supported: no
- DNS Servers: 8.8.8.8
- 8.8.4.4
- DNS Domain: ~.
- # ip r sh
- default via 192.168.1.1 dev enp4s0 proto static metric 100
- 10.19.12.0/25 dev tun0 scope link
- 10.31.64.0/20 dev tun0 scope link
- 10.31.70.1 dev tun0 scope link
- 10.31.70.2 dev tun0 scope link
- 10.31.74.0/24 dev tun0 scope link
- 10.32.64.0/20 dev tun0 scope link
- 10.41.63.0/24 dev tun0 scope link
- 10.41.64.0/20 dev tun0 scope link
- 169.254.0.0/16 dev enp4s0 scope link metric 1000
- 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
- 172.20.0.0/16 dev br-9f3b065f82d6 proto kernel scope link src 172.20.0.1 linkdown
- 188.93.89.144/28 dev tun0 scope link
- 192.168.1.0/24 dev enp4s0 proto kernel scope link src 192.168.1.55 metric 100
- 192.168.78.0/24 dev tun0 scope link
- 194.36.47.144/28 dev tun0 scope link
- 194.36.47.149 via 192.168.1.1 dev enp4s0 src 192.168.1.55
- ВЕСЬ трафик на UDP-порт 53 идёт через интерфейс tun0 (tcpdump -nn -i tun0 udp port 53), а на интерфейсе enp4s0 по протоколу UDP на порту 53 пакетов нет вообще (tcpdump -nn -i enp4s0 udp port 53).
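- У меня несколько приложений, которые подключаются к внешним ресурсам/сайтам и работают в фоне (личный мониторинг, корпоративный тайм-трекер, Skype и т.д.), и все они ходят за внешними DNS-именами через туннель,
- т.к. используются DNS-серверы из подсети, которая доступна через этот интерфейс (10.31.70.1, 10.31.70.2): после подключения в /etc/resolv.conf указаны только они, а локальный резолвер systemd-resolved (127.0.0.53) из файла пропадает. В результате имена всех внешних ресурсов, к которым обращаются эти приложения, видны DNS-серверам на стороне VPN.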