This repository was archived by the owner on Jun 24, 2022. It is now read-only.

Does not match SRV requests with wildcard rules #32

@cormacrelf

Use case: sending only Active Directory requests through a VPN tunnel. Active Directory uses SRV records to direct clients to the kerberos and LDAP services (which aren't necessarily all on the same machine). Rules.cfg:

[
  {
    "Pattern": "^(.*)\\.ad\\.contoso\\.com$",
    "NameServer": "10.0.123.10"
  }
]

The pattern match seems to be run only on A or AAAA requests. The following illustrates the problem:

# from WSL because dig >> nslookup

dig A some-computer.ad.contoso.com @127.0.0.1
# returns A record resolved from 10.0.123.10 [good]

dig SRV _ldap._tcp.ad.contoso.com @10.0.123.10
# 10.0.123.10 returns correct SRV records [as expected]

dig SRV _ldap._tcp.ad.contoso.com @127.0.0.1
# resolves using DefaultNameServer, no answer. [should have matched pattern]

There is a very bad workaround, which is to set DefaultNameServer to the nameserver which should resolve the SRV requests and have a "*" rule before the pattern above sending most requests to the real default one... except then every non-contoso.com SRV request would fail when the VPN is disconnected.
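To make the reported behaviour concrete, here is an added Python sketch (not the project's code) of a rule matcher driven by the Rules.cfg above. It contrasts an assumed model of the reported behaviour (rules consulted only for A/AAAA queries) with the expected behaviour (match the query name for every record type); the DefaultNameServer value is assumed.

```python
import json
import re

# Constructed copy of the Rules.cfg from the issue (raw string keeps the JSON escapes intact).
RULES_CFG = r'''
[
  {
    "Pattern": "^(.*)\\.ad\\.contoso\\.com$",
    "NameServer": "10.0.123.10"
  }
]
'''
# Assumed DefaultNameServer; 192.0.2.0/24 is the documentation range, not a real resolver.
DEFAULT_NAME_SERVER = "192.0.2.53"


def load_rules(cfg_text):
    """Compile each rule's Pattern; DNS names are case-insensitive, so match that way."""
    return [(re.compile(rule["Pattern"], re.IGNORECASE), rule["NameServer"])
            for rule in json.loads(cfg_text)]


def normalize(qname):
    """Strip the trailing root dot so 'host.ad.contoso.com.' matches like the undotted form."""
    return qname.rstrip(".").lower()


def select_nameserver(rules, qname, qtype, default=DEFAULT_NAME_SERVER):
    """Expected behaviour: first rule whose Pattern matches the query name wins, for any qtype."""
    name = normalize(qname)
    for pattern, nameserver in rules:
        if pattern.search(name):
            return nameserver
    return default


def select_nameserver_as_reported(rules, qname, qtype, default=DEFAULT_NAME_SERVER):
    """Assumed model of the behaviour the issue reports: rules apply only to A/AAAA queries."""
    if qtype not in ("A", "AAAA"):
        return default
    return select_nameserver(rules, qname, qtype, default)


RULES = load_rules(RULES_CFG)

if __name__ == "__main__":
    for qname, qtype in [("some-computer.ad.contoso.com", "A"),
                         ("_ldap._tcp.ad.contoso.com", "SRV"),
                         ("_kerberos._tcp.ad.contoso.com.", "SRV"),
                         ("_ldap._tcp.example.org", "SRV")]:
        print(f"{qtype:4} {qname:32} reported={select_nameserver_as_reported(RULES, qname, qtype)}"
              f" expected={select_nameserver(RULES, qname, qtype)}")
```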
