nsswitch.conf doesn't specify 'resolve' to support systemd-resolved

After upgrading from Ubuntu 16.04 to 18.04, my openconnect vpn connection stopped working. The problem appeared to be related to DNS resolution. After some digging, I discovered that the vpnc-script hook executed by openconnect was adding my VPN DNS servers to /etc/resolv.conf, which systemd-resolve --status was reporting as part of the global config instead of being associated with my VPN interface (tun0). This appeared to break all VPN and non-VPN traffic in my configuration.

I found that vpnc-script needed to find 'resolve' in /etc/nsswitch.conf in order to correctly configure the VPN DNS servers with systemd-resolved instead of prepending them to /etc/resolv.conf.

http://git.infradead.org/users/dwmw2/vpnc-scripts.git/commitdiff/62e86babac9f734ba031a547501cbe8e5940d83b

Adding 'resolve' to the 'hosts:' line in my /etc/nsswitch.conf allowed normal traffic flow.

It seems like if 18.04 defaults to using systemd-resolve for DNS resolutions, then the default nsswitch.conf configuration should also declare 'resolve' in the 'hosts:' line, which does not appear to be the case. This would have allowed my VPN connection to continue working successfully after the upgrade.

$ lsb_release -rd
Description: Ubuntu 18.04 LTS
Release: 18.04

$ dpkg -l libc-bin openconnect systemd vpnc-scripts
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=============-==================-=============-================================================
ii libc-bin 2.27-3ubuntu1 amd64 GNU C Library: Binaries
ii openconnect 7.08-3 amd64 open client for Cisco AnyConnect VPN
ii systemd 237-3ubuntu10 amd64 system and service manager
ii vpnc-scripts 0.1~git20171005-1 all Network configuration scripts for VPNC and OpenConnect