Every time DNSCrypt on OSX changes its config, it scribbles all over /etc/resolver with a bunch of domain-specific resolver config files, most of which are for weird domains. Huh?
Why do I care? Well, it's because this is how DNSCrypt configures bypasses, but it's doing it wrong. It inserts the DNS resolver address of my home router into /etc/resolver/* files when that's flat out wrong for the bypasses I need.
Now, if it just left manually-configured bypasses alone I'd be fine with that, but it overrides anything in that directory every time the config changes. So again you ask, why do I care?
Well, my company uses split horizon DNS (don't vomit) so *some* names ending in the company domain aren't resolvable unless you're inside the perimeter (directly or via VPN, which of course also tries to screw around with your DNS settings). What I'd like to have is an /etc/resolver/example.com file which forces DNSCrypt to bypass to the internal DNS servers.
So, I create this file, but every time DNSCrypt turns on or off it gets blown away.
(a) Am I doing something wrong/stupid and there's a better way to accomplish bypass for domains with split-horizon DNS?
(b) If not, can I somehow prevent DNSCrypt from scribbling all over the files I put in /etc/resolver?
(c) If not, can I somehow cajole DNSCrypt to write correct bypass files when I put bypass domains into the config in the DNSCrypt pref pane on OSX?