Comment 9 for bug 651007

Pentarh Udi (pentarh) wrote : Re: Does not correctly write resolv.conf

I found a bug related to this one.

NetworkManager must REWRITE resolv.conf with the new DNS servers obtained from openvpn, rather than appending them to resolv.conf.

I.e. if NM obtained DNS servers 1.1.1.1 and 2.2.2.2 from openvpn, resolv.conf must contain ONLY them after a successful connection, because the previous DNS servers may become unreachable.

In my case resolv.conf BEFORE openvpn connection is:
---------
nameserver 212.48.193.37
nameserver 192.168.100.1
---------

And after is:
---------
# Generated by NetworkManager
nameserver 88.85.66.222
nameserver 78.140.128.205
nameserver 213.158.7.2
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 212.48.193.37
nameserver 192.168.100.1
--------

In this case the last three servers are invalid, as they are not reachable after the VPN connection, so name resolution becomes totally slow after the openvpn connection, because libc tries to get a DNS answer from all servers:

--------------

root@pentarh-netbook:/var/log# tcpdump -i tun0 -n port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
22:33:46.803557 IP 10.20.10.6.55426 > 213.158.7.2.53: 32890+ A? mail.google.com. (33)
22:33:51.807076 IP 10.20.10.6.58861 > 212.48.193.37.53: 32890+ A? mail.google.com. (33)
22:33:55.521957 IP 10.20.10.6.60601 > 213.158.7.2.53: 49670+ A? www.google.com. (32)
22:34:00.527135 IP 10.20.10.6.57982 > 212.48.193.37.53: 49670+ A? www.google.com. (32)
22:34:09.760264 IP 10.20.10.6.39286 > 88.85.66.222.53: 27804+ A? pagead2.googleadservices.com. (46)
22:34:09.946468 IP 88.85.66.222.53 > 10.20.10.6.39286: 27804 5/4/4 CNAME pagead.l.google.com., A 209.85.149.167, A 209.85.149.164, A 209.85.149.165, A 209.85.149.166 (276)
22:34:11.505444 IP 10.20.10.6.45653 > 213.158.7.2.53: 41142+ A? chatenabled.mail.google.com. (45)
--------------

As you can see, libc tries to resolve mail.google.com from the old unreachable servers and gets the answer from the correct DNS server 20 seconds (!!!) after the first query.

This should be fixed; it makes the OpenVPN plugin for NM unusable.
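
Added example (not part of the original comment and not NetworkManager code): a short Python check that compares the two resolv.conf listings quoted above and reports which nameserver entries were carried over from the pre-VPN file and which fall beyond the three-server limit mentioned in the generated file. The function names and the MAXNS constant are assumptions made for this illustration.

```python
# Added example: audit a resolv.conf that was rewritten after a VPN connected.
MAXNS = 3  # assumption: the three-nameserver libc limit noted in the file

def nameservers(text):
    """Return nameserver addresses in file order, skipping comment lines."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit(before_text, after_text):
    """Classify the post-connection entries against the pre-connection ones."""
    before = nameservers(before_text)
    after = nameservers(after_text)
    return {
        "new": [s for s in after if s not in before],
        "stale": [s for s in after if s in before],
        "beyond_limit": after[MAXNS:],
        "stale_within_limit": [s for s in after[:MAXNS] if s in before],
    }

# The two listings quoted in the comment above.
BEFORE = """\
nameserver 212.48.193.37
nameserver 192.168.100.1
"""
AFTER = """\
# Generated by NetworkManager
nameserver 88.85.66.222
nameserver 78.140.128.205
nameserver 213.158.7.2
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 212.48.193.37
nameserver 192.168.100.1
"""

if __name__ == "__main__":
    report = audit(BEFORE, AFTER)
    for key, value in report.items():
        print(f"{key}: {', '.join(value) or '-'}")
```

A non-empty "stale" list once the tunnel is up means resolv.conf still names resolvers from the previous network.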