how to use server's local DNS when using bridge

[fa1rid]

I'm using Local Bridge tap_vpn with vDHCP without vNAT. I assigned "192.168.30.1" to the TAP device.
Everything works except the DNS "192.168.30.1"
I tried to enable systemd-resolved but with no luck.
Kindly advice how to make the clients use whatever DNS is set inside the server (/etc/resolv.conf).

[solo]

https://blogs.gnome.org/mcatanzaro/2020 ... iguration/

[fa1rid]

Sorry but I couldn't find an answer there. Kindly provide answer here.
Is it enough to just start systemd-resolved on the server? Are there any configurations I need to do?
Let me know please if you need any details about my setup.

[shakibamoshiri]

Sorry but I couldn't find an answer there. Kindly provide answer here.
Is it enough to just start systemd-resolved on the server? Are there any configurations I need to do?
Let me know please if you need any details about my setup.

UPDATE - this is answer is wrong

-> in SecureNAT
--> vNAT disabled
--> vDHCP enabled
--> vDHCP ip 192.168.30.2
--> Local Bridge for HUB of your vDHCP 192.168.30.1

-> in vDHCP
--> set "DNS Server Address 1" to 8.8.8.8 or whatever you liked

if the client (you have, or tested) DNS was not 8.8.8.8, that is the client issue not SE server
(have been tested with SE server stable, Debian 11, SSTP client on Android)

[fa1rid]

-> in vDHCP
--> set "DNS Server Address 1" to 8.8.8.8 or whatever you like

I don't want to use 8.8.8.8 or any other public DNS.
I want to use my server as a DNS relay to whatever DNS is configured on the server itself.

Same as when your home router is acting as a DNS with same ip as the gateway for example 192.168.0.1

[eddiewu]

You have two options.
Setup a DNS server like dnsmasq. dnsmasq will use the local resolver automatically.
Or setup NAT rules in iptables diverting the requests.
dnsmasq is faster.

[shakibamoshiri]

here is an approach with dnsmqsq

SE server
- SecureNAT > vNAT : disable
- SecureNAT > vDHCP : enable
- SecureNAT > vDHCP > DNS Server Address (e.g 192.168.30.1) the same as Local Bridge IP Address

SE server Local Bridge
- Local Bridge > soft tap (e.g tap_tap)

OS

Code: Select all

ip address add 192.168.30.1/24 brd + dev tap_tap

and

Code: Select all

cat /etc/resolv.conf
nameserver ::1
nameserver 127.0.0.1

dnsmasq

Code: Select all

cat /etc/dnsmasq.conf
# To use this computer to listen on its LAN IP address for other computers on the network.
listen-address=::1,127.0.0.1,192.168.30.1

# Set the number of cached domain names
cache-size=1000

# Google's nameservers, for example
server=8.8.8.8
server=8.8.4.4

# Uncomment expand-hosts to add the custom domain to hosts entries:
expand-hosts

how to test
- add a record to /etc/hosts (Linux)
- in "hosts" file sample: "0.0.0.0 example.com"
- connect to SE server using a client (mobile or PC)
- use "dig" to check it should gives you "0.0.0.0"

Code: Select all

dig +noall +answer example.com
example.com.           0            IN            A            0.0.0.0

[fa1rid]

It worked after installing dnsmasq. I didn't have to change any settings in it. Thank you guys.
Now when I make a virtHub offline the bridge interface is removed, how to automatically assign the bridge IP when I make it online again?
Is it maybe by creating a tap interface manually outside of SE server?

[shakibamoshiri]

It worked after installing dnsmasq. I didn't have to change any settings in it. Thank you guys.
Now when I make a virtHub offline the bridge interface is removed, how to automatically assign the bridge IP when I make it online again?
Is it maybe by creating a tap interface manually outside of SE server?

SE server level
you can use systemd service and assign ip via "ExecStartPort"

Code: Select all

ExecStartPost=/usr/bin/sleep 1
ExecStartPost=/sbin/ip addr add 192.168.100.1/24 brd + dev tap_tap

HUB level
if you make a single hub down, not the whole SE server, then I think you should re-assign IP since that tap device was linked to this hub. HUB is down, tap is gone. HUB is up, tap is created so needs IP address.

Code: Select all

ip addr add 192.168.100.1/24 brd + dev tap_tap

OS level
it is possible to create a tap device using "iproute2" commands "ip" , but I did not see a way of linking back this tap devices into a HUB of SE server

Code: Select all

sudo ip tuntap add mode tap tap_tap