Configure unbound to send correct ECS like Google Public DNS

Joe Abley jabley at hopcount.ca
Thu Aug 11 16:43:34 UTC 2022


On Aug 11, 2022, at 18:29, Igor Sverkos via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:

> well, our VPN solution is already capable of requesting different DHCP
> ranges depending on client location. So it should be possible to use
> this information in unbound (i.e. assign different tags per DHCP range
> and apply different settings per tag).

You'd still have to get that tunnel endpoint information from your VPN infrastructure into your internal resolver in some way, and I don't know that there's an existing way to do that in general (never mind with whatever VPN machinery you are using). No doubt proper unbound people will correct that ignorance if that's what it is.

More broadly, this feels like a hole that you can either get out of or dig deeper.

"Disconnect from the VPN if you want the Internet to work" is good general information for everybody, even if it's a bit rude to people who like VPNs.

Another answer is not to insist that devices attached via the VPN use your internal resolver, and instead make whatever internal DNS names you need available through the public DNS.


Joe