by afeiszli 1335 days ago
Split DNS is super complicated to implement client side. We halfway implemented a solution and backtracked, eventually settling on just setting /etc/hosts. There are way too many variables involved across all the different operating systems.

These days it's pretty simple to achieve with systemd-resolved. I've been playing with split DNS and VPNs for a while and it seems it's a solved problem on Linux, finally.

The big hurdle is understanding the concept of search domain vs routing domain and the interaction with resolved and NetworkManager.

Funny, systemd is like an opposite of WireGuard in design goal. I believe the UNIX way would be /etc/hosts but some way to sync these within clients. Like etcd or whatever.
An issue with /etc/hosts is that it is just one file, and you do not want etcd to own all the config; you would need to use something like NIS instead.
Ah yes, my bad. /etc/nsswitch.conf (which is also a Linux-ism but BSDs have something similar) supports LDAP. However, an advantage of /etc/hosts is the low latency since it's not networked, while LDAP would result in overhead. Still, I believe that would be a suitable alternative. There are some non-bloated alternatives to OpenLDAP, and also an option could be caching.
Yeah that’s what we used, but not all Linux supports it, and that still leaves non-Linux as well. But hosts files are universal.