DNS queryes source interface

Ventresca · Apr 11, 2022, 7:02 AM

Hello everybody,

I'm new to TNSR and I'm evaluating the software.

I didn't found the possibility to configure a "source interface" for the DNS queries.

The scenario is a TNSR router with a loopback interface that has an ip address with internet access via an uplink, the other interfaces don't have internt access and them are used only for p2ps or local networking.

Now when I configure the time synchronization with NTP, I configure a pool of ntp servers with the pool option and a FQDN for the server address, the source interface for the NTP si always the loopback interface with internet access and the namespace of the server is dataplane.

Now the time doesn't synchronize because the DNS queries are not sourced from the loopback interface (the only with internet access) and the resolution of the name of the pool fails.

Can someone help me? :)

Many thanks.

Fabio.

jimp · Apr 11, 2022, 1:38 PM

The best way to address that is probably to ensure that you have the local unbound server configured and enabled on TNSR, and set the resolver for the host and dataplane namespaces to use 127.0.0.1.

Then you should be able to set:

tnsr(config)# unbound server
tnsr(config-unbound)# outgoing-interface <IP address>

Ventresca · Apr 11, 2022, 2:24 PM

Thank you for your answer. :)

I think this should be a "workaround". :)

If I have understood right, I have to set up a local DNS server with the loopback as the source interface and after configure the local server as my DNS server, right?

Any hope for the future developments to have the possibility to specify a source interface for the DNS queries? :)

Anyway many thanks for the hint, really appreciated. :)

Best Regards.

Fabio.

jimp · Apr 11, 2022, 2:32 PM

The name resolution at the OS level uses systemd-resolve which as far as I can see in its docs (not the TNSR docs, but the docs for the OS) does not support specifying a source address.

Using unbound to control this behavior isn't a workaround, it's the most flexible and potentially only way to configure the behavior you want.

Ventresca · Apr 11, 2022, 2:35 PM

@jimp said in DNS queryes source interface:

The name resolution at the OS level uses systemd-resolve which as far as I can see in its docs (not the TNSR docs, but the docs for the OS) does not support specifying a source address.

Using unbound to control this behavior isn't a workaround, it's the most flexible and potentially only way to configure the behavior you want.

Ok, now is perfectly clear, thank you again for your help! :)