This repository has been archived by the owner on Jun 24, 2022. It is now read-only.
Use case: sending only Active Directory requests through a VPN tunnel. Active Directory uses SRV records to direct clients to the Kerberos and LDAP services (which aren't necessarily all on the same machine). Rules.cfg:
The pattern match seems to be run only on A or AAAA requests. The following illustrates the problem:
```
# from WSL because dig >> nslookup
dig A some-computer.ad.contoso.com @127.0.0.1
# returns A record resolved from 10.0.123.10 [good]
dig SRV _ldap._tcp.ad.contoso.com @10.0.123.10
# 10.0.123.10 returns correct SRV records [as expected]
dig SRV _ldap._tcp.ad.contoso.com @127.0.0.1
# resolves using DefaultNameServer, no answer. [should have matched pattern]
```
There is a very bad workaround, which is to set DefaultNameServer to the nameserver which should resolve the SRV requests and have a "*" rule before the pattern above sending most requests to the real default one... except then every non-contoso.com SRV request would fail when the VPN is disconnected.