In case you haven’t noticed, ALL traffic that happens on your machine after you connect with the VPN client gets rerouted through Company’s own DNS, which means whenever you’re listening to Grooveshark or watching a YouTube video, it is going through Company DNS. To avoid wasting company resources and slowing us down, I’ve devised a way to filter our traffic so that only company-related requests go through Company DNS; everything else will go to our direct, local connection.
- Install dnsmasq.
- Make sure the first reference in your resolv.conf file is your local IP, that is:

      nameserver 127.0.0.1

  Sometimes this file gets generated automatically, so changes won’t stay. In Archlinux, there is another file, /etc/resolv.conf.head, which will always get prepended to resolv.conf, so that would work. No idea for other systems.
- Configure the main dnsmasq file, /etc/dnsmasq.conf. In my case:

      listen-address=127.0.0.1
      conf-dir=/etc/dnsmasq.d

- Create the configuration folder you just configured:

      mkdir -p /etc/dnsmasq.d

- Create a new configuration file, /etc/dnsmasq.d/companyvpn.conf, with this setup:

      no-resolv
      no-poll
      server=/company.net/192.168.253.1
      server=/company.net/192.168.253.2
      server=/192.in-addr.arpa/192.168.253.1
      server=/192.in-addr.arpa/192.168.253.2
      server=8.8.8.8
      server=8.8.4.4
      log-queries
      log-facility=/var/log/dnsmasq.log

That will make it so that, whenever you look up a domain ending in company.net or do a reverse lookup on an address in the 192.x.x.x range (the 192.in-addr.arpa entries), the query gets sent to the VPN (Company) DNS. In this case, everything else should go straight to Google's DNS servers.
Also, the log-related entries are only there for testing whether dnsmasq is really doing its magic or not. You can delete them afterwards.
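To see which upstream a lookup would be sent to under this configuration without reading the log, here is an added example (not part of the original post) that models the server= selection in Python. It assumes only the two server= forms used above (server=/domain/ip and server=ip); the query names are constructed samples.

```python
import ipaddress

# Constructed input: the server-related lines of companyvpn.conf from the step above.
CONF = """\
no-resolv
no-poll
server=/company.net/192.168.253.1
server=/company.net/192.168.253.2
server=/192.in-addr.arpa/192.168.253.1
server=/192.in-addr.arpa/192.168.253.2
server=8.8.8.8
server=8.8.4.4
"""

def parse_servers(conf):
    """Map each domain suffix to its upstream list; '' holds the default servers."""
    routes = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith("server="):
            continue
        parts = line[len("server="):].split("/")
        # "/dom1/dom2/ip" splits to ['', 'dom1', 'dom2', 'ip']; a bare "ip" to ['ip']
        domains = [d.lower() for d in parts[1:-1]] or [""]
        for domain in domains:
            routes.setdefault(domain, []).append(parts[-1])
    return routes

def upstreams_for(name, routes):
    """Most specific matching suffix wins, compared on whole labels only."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return routes.get("", [])

def reverse_name(ip):
    """PTR query name for an address, e.g. 10.253.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

if __name__ == "__main__":
    routes = parse_servers(CONF)
    # 192.0.2.1 is a documentation address outside 192.168.0.0/16
    # that still falls under 192.in-addr.arpa.
    for q in ("wiki.company.net", "notcompany.net", "www.youtube.com",
              reverse_name("192.168.253.10"), reverse_name("192.0.2.1"),
              reverse_name("10.1.2.3")):
        print(f"{q:32} -> {', '.join(upstreams_for(q, routes))}")
```

Running it shows two things worth knowing before relying on the split: 192.in-addr.arpa covers every 192.x.x.x address, not only 192.168.x.x, and reverse lookups for any internal range that is not listed (10.x.x.x here) go to the public resolvers.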
That’s it for now.
PS: Remember to enable dnsmasq as a service, so that it’s always started at system boot, and remember to start your VPN client anyways before actually trying to access the company network. Just in case. :)