Alternate DNS resolvers for subdomains using Dnsmasq

Today I flipped my corporate laptop over to Linux. Since we use Cisco's AnyConnect client, which can be a bit... finicky in some environments, I decided to set up my work VPN connection using vpner and route internal traffic through that docker container. However, this led to a problem: either I could set my host's DNS to use an internal DNS server manually every time I connect, or I'd have to live with connecting to direct IP addresses forever. Neither of these options is particularly pleasant, so instead I did a bit of reading on dnsmasq, and found you can control which DNS server is used for certain hosts or domains pretty trivially. I'm using Ubuntu here; change your paths and restart commands accordingly.

First off, we want to create a file for Dnsmasq to read directives from:

sudo touch /etc/NetworkManager/dnsmasq.d/companyname

Now, using your editor of choice, simply set the domains you want to use an alternate DNS server for. Assuming 10.10.10.1 is our internal DNS:

server=/dc01.internal.corp.com/10.10.10.1
server=/.testenv.corp.com/10.10.10.1

The first directive tells any DNS lookup for dc01.internal.corp.com to check with 10.10.10.1 for an address. The second directive is much more useful: a leading . on a domain acts as a wildcard, so any request for *.testenv.corp.com will go to our internal DNS for resolution, while everything else keeps using the normal upstream resolver. Once that's all done, restart NetworkManager to pick up the new settings:

sudo service network-manager restart
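As an added example (not code from the post), here is a small Python simulation of how dnsmasq picks an upstream from a set of server= directives. It parses a fragment like the one above, validates each upstream address (a typo in the file would otherwise only surface as dnsmasq refusing to start after the restart), and reports which resolver a given name would be forwarded to. The matching rule it implements is the one dnsmasq documents: a server=/domain/ entry matches the domain itself and every subdomain, and when several entries match, the most specific one wins. The SAMPLE_FRAGMENT, the extra server=1.1.1.1 default line and the function names are assumptions for the example.

```python
"""Simulate dnsmasq 'server=' upstream selection for a config fragment.

Assumptions (this is an illustration, not dnsmasq's own code): only
'server=' lines are modelled; '#port' and '@interface' suffixes on an
upstream are accepted but ignored; 'server=/domain/#' (use the default
upstreams) is modelled as a rule whose upstream is None.
"""
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample fragment: the two directives from the post plus a plain
# default upstream (the 1.1.1.1 line is an assumption made for this example).
SAMPLE_FRAGMENT = """\
# internal-only names go to the VPN-side resolver
server=/dc01.internal.corp.com/10.10.10.1
server=/.testenv.corp.com/10.10.10.1
server=1.1.1.1
"""

Rule = Tuple[str, Optional[str]]


def _norm(name: str) -> str:
    """Lower-case a name and drop leading/trailing dots ('.x.com.' -> 'x.com')."""
    return name.strip().strip(".").lower()


def _check_upstream(upstream: str) -> Optional[str]:
    """Validate an upstream spec; return its address, or None for '#'."""
    if upstream == "#":
        return None
    host = upstream.split("@", 1)[0].split("#", 1)[0]  # drop @iface / #port
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    return host


def parse_server_lines(text: str) -> Tuple[List[Rule], List[Optional[str]]]:
    """Return (rules, defaults).

    rules:    (domain, upstream) pairs from 'server=/domain[/domain...]/upstream'
    defaults: upstreams from bare 'server=upstream' lines
    """
    rules: List[Rule] = []
    defaults: List[Optional[str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "server":
            continue  # other dnsmasq options are not modelled here
        value = value.strip()
        if not value.startswith("/"):
            defaults.append(_check_upstream(value))
            continue
        parts = value.split("/")  # ['', domain, [domain...], upstream]
        upstream = _check_upstream(parts[-1])
        for dom in parts[1:-1]:
            if _norm(dom):
                rules.append((_norm(dom), upstream))
    return rules, defaults


def upstream_for(name: str, rules: List[Rule],
                 defaults: List[Optional[str]]) -> Optional[str]:
    """Pick the upstream dnsmasq would forward a query for `name` to.

    A rule for 'd' matches 'd' itself and every subdomain of it; when several
    rules match, the most specific (longest) domain wins.  Returns None when
    neither a rule nor a default upstream applies.
    """
    q = _norm(name)
    best: Optional[Rule] = None
    for dom, upstream in rules:
        if q == dom or q.endswith("." + dom):
            if best is None or len(dom) > len(best[0]):
                best = (dom, upstream)
    if best is not None and best[1] is not None:
        return best[1]
    return defaults[0] if defaults else None


def lookup(name: str, fragment: str = SAMPLE_FRAGMENT) -> Optional[str]:
    """Parse `fragment` and return the upstream a query for `name` would use."""
    rules, defaults = parse_server_lines(fragment)
    return upstream_for(name, rules, defaults)


if __name__ == "__main__":
    for n in ("dc01.internal.corp.com", "build.testenv.corp.com",
              "dc02.internal.corp.com", "www.example.com"):
        print(f"{n:28} -> {lookup(n)}")
```

Running the script shows the split the post describes: the two internal names go to 10.10.10.1, while dc02.internal.corp.com (a sibling host not covered by the exact dc01 entry) and public names stay on the default upstream. The simulation normalises a leading dot away, so server=/.testenv.corp.com/ and server=/testenv.corp.com/ are treated identically, and it also shows the precedence rule: a more specific entry such as server=/www.corp.com/ overrides a broader server=/corp.com/ for that one name.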

So, now I can work away over VPN without any interruptions, and my normal web browsing isn't massively slowed down by going through the corporate proxy. Once I've disconnected from VPN, I don't need to update anything, since I'm not going to be using any internal sites at that point anyway, win-win.