Configuring NetworkManager to redirect domains to specific DNS servers on VPN connections.

Some work networks and VPNs use "internal" DNS servers. On a work VPN like mine, for example, the DNS server resolves hosts to internal addresses, whereas off the work network you get the external addresses. To start with, NetworkManager needs to be configured to use dnsmasq. See this post.

For example, while not connected to the work network, somework.com would resolve to 203.33.22.10, whereas on the internal network it would resolve to something like 10.3.44.2.

So, when connected to the VPN, this internal resolution should be used as well. To do this we use NetworkManager and its ability to run scripts when an interface connects or disconnects.

The scripts go in /etc/NetworkManager/dispatcher.d and should be named with a numeric prefix for priority. Here is my "90-dnsmasq-vpn". You will need to change the "CONNECTION_ID" it checks for and configure your own overrides.

#!/bin/sh
#
# NetworkManager dispatcher script: while the work VPN is up, point dnsmasq
# at the internal DNS server for the work domains only, and remove that
# override again when the VPN goes down. The LAN's own DNS servers are
# never touched.
#
# NetworkManager runs this with the interface as $1 and the action as $2,
# and exports CONNECTION_ID / CONNECTION_UUID for the connection involved.

DNSMASQ_RESOLV=/etc/NetworkManager/dnsmasq.d/trimble

write_dnsmasq_header()
{
    if [ ! -e "${DNSMASQ_RESOLV}" ]
    then
        echo "# ${DNSMASQ_RESOLV} generated on $(date)" > "${DNSMASQ_RESOLV}"
        echo "# Generator: ${0}" >> "${DNSMASQ_RESOLV}"
        echo "# Connection: ${CONNECTION_ID} ${CONNECTION_UUID}" >> "${DNSMASQ_RESOLV}"
    fi
}

# "server=/domain/ip" makes dnsmasq send queries for that domain (and its
# subdomains) to the given server instead of the normal upstream servers.
create_dnsmasq_config_from_resolv_conf()
{
    # Start from a clean file so a reconnect does not append duplicate lines.
    remove_dnsmasq_config
    write_dnsmasq_header

    echo "server=/work.com/10.3.10.122" >> "${DNSMASQ_RESOLV}"
    echo "server=/workcorp.net/10.3.10.122" >> "${DNSMASQ_RESOLV}"
    echo "server=/workgroup.net/10.3.10.122" >> "${DNSMASQ_RESOLV}"
    echo "server=/workgroup.com/10.3.10.122" >> "${DNSMASQ_RESOLV}"
}

remove_dnsmasq_config()
{
    rm -f "${DNSMASQ_RESOLV}"
}

# Reload NetworkManager so its dnsmasq instance picks up the changed config.
reload_dnsmasq()
{
    service NetworkManager reload
}

if [ "${CONNECTION_ID}" = "My Work VPN" ]
then
    case "$2" in
        "up")
            ;;
        "vpn-up")
            create_dnsmasq_config_from_resolv_conf
            reload_dnsmasq
            ;;
        "down")
            ;;
        "vpn-down")
            remove_dnsmasq_config
            reload_dnsmasq
            ;;
    esac
fi

The only issue with this is that if you shut down while connected to the VPN, the script may not be called with "vpn-down", so the override file is left behind.
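The two things the dispatcher script above leaves to the reader are validating what goes into the override file and cleaning up a file left behind by an unclean shutdown. The following is an added example and not part of the original post: a small set of POSIX sh functions that generate the `server=/domain/ip` lines from a domain list (rejecting malformed domains or server addresses, and truncating the file so a reconnect never duplicates lines), count the resulting overrides, and remove the file when the VPN connection is not among the active connections. The file path, the domains and the server address 10.3.10.122 are constructed sample values, and the function names are this example's own, not NetworkManager's or dnsmasq's.

```shell
#!/bin/sh
# Added example (not from the original post). Helpers for a dispatcher
# script: build and validate the dnsmasq override file, and detect a stale
# file after an unclean shutdown. Sample domains/addresses are constructed.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# write_domain_overrides FILE DNS_SERVER DOMAIN...
# Writes one "server=/DOMAIN/DNS_SERVER" line per domain to FILE, truncating
# it first so a repeated vpn-up never appends duplicates. All inputs are
# validated before anything is written; on bad input FILE is left untouched.
write_domain_overrides() {
    out="$1"; dns="$2"; shift 2
    is_ipv4 "$dns" || { echo "not an IPv4 address: $dns" >&2; return 1; }
    [ $# -gt 0 ] || { echo "no domains given" >&2; return 1; }
    for d in "$@"; do
        # Allow only hostname characters, no leading/trailing/double dots.
        case "$d" in
            ""|*[!A-Za-z0-9.-]*|.*|*.|*..*)
                echo "bad domain: $d" >&2; return 1 ;;
        esac
    done
    {
        echo "# dnsmasq overrides generated by $0 on $(date)"
        for d in "$@"; do echo "server=/$d/$dns"; done
    } > "$out"
}

# Print the number of server= lines in FILE (0 if it does not exist).
count_overrides() {
    [ -e "$1" ] || { echo 0; return; }
    grep -c '^server=/' "$1" || true
}

# remove_if_vpn_inactive FILE VPN_NAME
# Reads active connection names on stdin, one per line (the format that
# `nmcli -t -f NAME connection show --active` prints). Removes FILE when
# VPN_NAME is not active, i.e. when an unclean shutdown left it behind.
# Returns 0 if the file was removed, 1 if the VPN is active and it was kept.
remove_if_vpn_inactive() {
    file="$1"; vpn="$2"
    if grep -Fxq -- "$vpn"; then
        return 1
    fi
    rm -f "$file"
}

# Stand-alone demo: run as "sh thisfile.sh demo".
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp)
    write_domain_overrides "$f" 10.3.10.122 work.com workcorp.net workgroup.net
    cat "$f"
    printf 'Wired connection 1\n' | remove_if_vpn_inactive "$f" "My Work VPN" \
        && echo "VPN not active: stale override file removed"
fi
```

In a dispatcher script, `write_domain_overrides` would replace the block of `echo "server=..."` lines in the `vpn-up` branch, and `remove_if_vpn_inactive` would run in the `up` branch of the ordinary network connection at boot, fed by `nmcli -t -f NAME connection show --active`, followed by the same NetworkManager reload. Dispatcher scripts must be owned by root and executable, or NetworkManager silently ignores them.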
