What's up with /etc/resolver/* and DNScrypt
Every time DNScrypt on OSX changes its config, it scribbles all over /etc/resolver with a bunch of domain-specific resolver config files, most of which are for weird domains. Huh?
Why do I care? Well, it's because this is how DNScrypt configures bypasses, but it's doing it wrong. It inserts the DNS resolver address of my home router into etc/resolver/* files when that's flat out wrong for the bypasses I need.
Now, if it just left manually-configured bypasses alone I'd be fine with that, but it overrides anything in that directory every time the config changes. So again you ask, why do I care?
Well, my company uses split horizon DNS (don't vomit) so *some* names ending in the company domain are't resolvable unless you're inside the perimeter (directly or via VPN, which of course also tries to screw around with your DNS settings). What I'd like to have is an /etc/resolver/example.com file which forces DNScrypt to bypass to the internal DNS servers.
So, I create this file, but every time DNSCrypt turns on or off it gets blown away.
(a) am i doing something wrong/stupid and there's a better way to accomplish bypass for domains with split-horizon DNS?
(b) if not, can I somehow prevent DNScrypt from scribbling all over the files I put in /etc/resolver?
(c) if not, can I somehow cajole DNScrypt to write correct bypass files when I put bypass domains into the config in the DNScrypt pref pane on OSX.
Are you using DNSCrypt on a workstation connected to your corporate network via VPN? This is the wrong approach, because it impacts or breaks local name resolution. You'll have to use it on your DNS server or router on the WAN side (for DNS forwarding), not on any end user device within the LAN. Or you have to disable DNSCrypt as long as you are connected to your corporate network. Then your problems will disappear.
Also, the DNSCrypt clients are not OpenDNS products. You'll have to refer to http://dnscrypt.org/ and to the support resources listed there.
Please sign in to leave a comment.