From marco.davids at sidn.nl Wed Nov 7 16:34:40 2012 From: marco.davids at sidn.nl (Marco Davids (SIDN)) Date: Wed, 7 Nov 2012 11:34:40 -0500 Subject: [Dnssec-trigger] OpenVPN? Message-ID: <509A8DA0.6060207@sidn.nl> Hi, Am I the only one who encounters problems with DNSSEC-trigger in combination with OpenVPN (Tunnelblick in fact)? The problem is related in assigning the proper name servers. Seems like a conflict between Tunnelblick and DNSSEC-trigger. Regards, -- Marco Davids Technical Advisor SIDN | Meander 501 | 6825 MD | Postbus 5022 | 6802 EA | ARNHEM T +31 (0)26 352 55 83 | M +31 (0)6 52 37 34 35 | F +31 (0)26 352 55 05 marco.davids at sidn.nl | www.sidn.nl | enum:+31652373435 | sip:583 at sidn.nl From marco.davids at sidn.nl Wed Nov 7 18:44:08 2012 From: marco.davids at sidn.nl (Marco Davids (SIDN)) Date: Wed, 7 Nov 2012 13:44:08 -0500 Subject: [Dnssec-trigger] OpenVPN? In-Reply-To: <20121107183516.GB19122@macbook.bluepipe.net> References: <509A8DA0.6060207@sidn.nl> <20121107183516.GB19122@macbook.bluepipe.net> Message-ID: <509AABF8.505@sidn.nl> On 11/7/12 1:35 PM, Phil Regnauld wrote: >> Am I the only one who encounters problems with DNSSEC-trigger in >> combination with OpenVPN (Tunnelblick in fact)? >> >> The problem is related in assigning the proper name servers. > > ... in the case where openvpn assigns the DNSes, right ? Correct. >> Seems like a conflict between Tunnelblick and DNSSEC-trigger. > > I use both, but don't send DNS information, so I'm not seeing > any problem there. Well, I'd prefer to send (and use) DNS information, because I send all of my traffic into the tunnel. Using the IETF-resolvers in such case, will result in REFUSED errors... -- Marco From regnauld at nsrc.org Wed Nov 7 18:35:16 2012 From: regnauld at nsrc.org (Phil Regnauld) Date: Thu, 8 Nov 2012 01:35:16 +0700 Subject: [Dnssec-trigger] OpenVPN? In-Reply-To: <509A8DA0.6060207@sidn.nl> References: <509A8DA0.6060207@sidn.nl> Message-ID: <20121107183516.GB19122@macbook.bluepipe.net> Marco Davids (SIDN) (marco.davids) writes: > Hi, > > Am I the only one who encounters problems with DNSSEC-trigger in > combination with OpenVPN (Tunnelblick in fact)? > > The problem is related in assigning the proper name servers. ... in the case where openvpn assigns the DNSes, right ? > Seems like a conflict between Tunnelblick and DNSSEC-trigger. I use both, but don't send DNS information, so I'm not seeing any problem there. Phil From regnauld at nsrc.org Wed Nov 7 20:06:33 2012 From: regnauld at nsrc.org (Phil Regnauld) Date: Thu, 8 Nov 2012 03:06:33 +0700 Subject: [Dnssec-trigger] OpenVPN? In-Reply-To: <509AABF8.505@sidn.nl> References: <509A8DA0.6060207@sidn.nl> <20121107183516.GB19122@macbook.bluepipe.net> <509AABF8.505@sidn.nl> Message-ID: <20121107200633.GD19988@macbook.bluepipe.net> Marco Davids (SIDN) (marco.davids) writes: > > > > ... in the case where openvpn assigns the DNSes, right ? > > Correct. > > > > I use both, but don't send DNS information, so I'm not seeing > > any problem there. > > Well, I'd prefer to send (and use) DNS information, because I send all > of my traffic into the tunnel. Using the IETF-resolvers in such case, > will result in REFUSED errors... Understood, I wasn't questioning that, just trying to scope the problem, to see if it could be something else. But there may indeed be some conflict in the hooks used by OpenVPN (I don't think it's TunnelBlick specific) when they change resolvers. I'm pretty sure dnssec-triggerd is doing something to revert that.