NetworkManager

Bug #1624317
Comment #128

Comment 128 for bug 1624317

Revision history for this message

In bugzilla.gnome.org/ #783569, Nicholas Stommel (nstommel) wrote on 2017-06-13:

#128

(same results running command without backticks and with sudo)
noctua@corinth:~$ `nmcli connection modify "tun0" ipv4.dns-priority -42`

noctua@corinth:~$ systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 3 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 209.222.18.222
                      209.222.18.218

Link 2 (wlo1)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.1
          DNS Domain: home

Extended Test results from https://dnsleaktest.com/
**********
Test complete

Query round Progress... Servers found
  1 ...... 2
  2 ...... 3
  3 ...... 1
  4 ...... 2
  5 ...... 2
  6 ...... 2
IP Hostname ISP Country
71.242.0.150 none Verizon Internet Services United States
173.239.219.2 ip-2-219-239-173.east.us.northamericancoax.com LogicWeb Inc United States
71.242.0.174 none Verizon Internet Services United States
71.242.0.230 none Verizon Internet Services United States
**********

I still get DNS leaks where queries are clearly being sent to my ISP even if this command is run with/without sudo. So...that doesn't work and I believe my original claim about systemd-resolved ignoring connection priority stands.

(same results running command without backticks and with sudo)
noctua@corinth:~$ `nmcli connection modify "tun0" ipv4.dns-priority -42`

Extended Test results from https://dnsleaktest.com/
**********
Test complete

Query round Progress... Servers found
  1          ......              2
  2          ......              3
  3          ......              1
  4          ......              2
  5          ......              2
  6          ......              2
IP	Hostname	ISP	Country
71.242.0.150	none	Verizon Internet Services	United States
173.239.219.2	ip-2-219-239-173.east.us.northamericancoax.com	LogicWeb Inc	United States
71.242.0.174	none	Verizon Internet Services	United States
71.242.0.230	none	Verizon Internet Services	United States
**********