Mirrors list

Jeremy Lavergne jeremy at lavergne.gotdns.org
Wed Oct 23 14:17:29 PDT 2013


You'd be using dnsmasq as a local cache, filtering with its bogus-nxdomain directive. If you make a query and it doesn't have the record cached, it'll ask the upstream (VPN's DNS).

You'll want to look at the "bogus-nxdomain" directive. From the example config file:
# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11

You'd also want at least these two lines:
listen-address=127.0.0.1
no-dhcp-interface=127.0.0.1

Once installed, configured and started, you can point your system at the local DNS first. Under your network connection, set the DNS to 127.0.0.1 first, followed by whatever else the network provides. Depending on how your VPN operates (is it its own connection in the system preferences?) this might be perfect, or it'll be too rigid and need to be changed when each connection uses a different DNS server.

If it doesn't seem viable, another option is to use a firewall to block the search IP address that we would have configured in bogus-nxdomain.

On Oct 23, 2013, at 5:08 PM, Timothy Hart wrote:

> I appreciate the help. I'm not familiar with dnsmasq. I'm inferring that I can set it up as my sole DNS source, and have it configured to behave as expected? We've been given the IP addresses of a couple internal DNS servers that behave appropriately, but our VPN DNS configuration continues to misbehave. The tricky part is that we'd still need to use the VPN's DNS server when we're connected off-site in order to resolve org-specific names.
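
Added example (not part of the original message and not dnsmasq's own code): a Python script that finds which addresses an upstream resolver substitutes for NXDOMAIN by resolving random names that should not exist, then renders them as bogus-nxdomain lines next to the two lines given in the message. The function names are hypothetical, and it assumes the system resolver still points at the upstream DNS under test rather than at the local dnsmasq.

```python
import secrets
import socket
from collections import Counter


def system_resolve(name):
    """Resolve through the system resolver; return IPv4 addresses, [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


def find_rewrite_ips(resolve=system_resolve, probes=5, tlds=("com", "net")):
    """Query random names that should not exist and collect every address
    the resolver returns anyway. An honest resolver yields an empty list."""
    seen = Counter()
    for tld in tlds:
        for _ in range(probes):
            # 32 random hex characters: effectively unregistered. The trailing
            # dot makes the name fully qualified, so no search domain is appended.
            name = f"{secrets.token_hex(16)}.{tld}."
            for ip in resolve(name):
                seen[ip] += 1
    # Report only addresses that answered more than one probe, so a single
    # stray hit is not mistaken for a wildcard record.
    return sorted(ip for ip, hits in seen.items() if hits > 1)


def dnsmasq_lines(ips):
    """Render the two lines from the message plus one bogus-nxdomain per address."""
    lines = ["listen-address=127.0.0.1", "no-dhcp-interface=127.0.0.1"]
    lines += [f"bogus-nxdomain={ip}" for ip in ips]
    return "\n".join(lines)


if __name__ == "__main__":
    print(dnsmasq_lines(find_rewrite_ips()))
```

Run it once per network (on and off the VPN), since each upstream may substitute a different address.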


