Missing default nameserver for dnsmasq after connecting with openconnect

Bug #1096326 reported by Sebastian Schweizer on 2013-01-05
This bug affects 17 people
Affects: network-manager-openconnect (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

I configured my VPN account for my university (University of Kaiserslautern, Germany) with network-manager-gnome. I use openconnect to connect to the Cisco Anyconnect VPN.
It is a split setup, that is to say only the routes to my university's network are added. Default route is still my local router.
All routing works fine, but I have name resolution problems.

After establishing the connection, dnsmasq (managed by network-manager) does not work. In the attached syslog you can see that dnsmasq gets nameservers through DBus. Nameservers for my university's domain and reverse lookup zones are configured (use university's resolver), but no default nameserver. So I can only resolve names in those zones:

sebastian@seb-laptop:~$ host 131.246.83.189
189.83.246.131.in-addr.arpa domain name pointer vpn-ipv4-0957.triple-a.uni-kl.de.
sebastian@seb-laptop:~$ host vpn-ipv4-0957.triple-a.uni-kl.de.
vpn-ipv4-0957.triple-a.uni-kl.de has address 131.246.83.189
vpn-ipv4-0957.triple-a.uni-kl.de mail is handled by 10 mailgate1.uni-kl.de.
vpn-ipv4-0957.triple-a.uni-kl.de mail is handled by 5 mailgate2.uni-kl.de.
sebastian@seb-laptop:~$ host google.de.
Host google.de not found: 5(REFUSED)

sebastian@seb-laptop:~$ cat /etc/resolv.conf | grep -v ^#
nameserver 127.0.1.1
search triple-a.uni-kl.de cbs239.de

sebastian@seb-laptop:~$ nm-tool
NetworkManager Tool
State: connected (global)
- Device: eth1 [cbs239.de] ----------------------------------------------------
  Type: 802.11 WiFi
  Driver: wl
  State: connected
  Default: yes
[...]
  IPv4 Settings:
    Address: 172.25.134.15
    Prefix: 21 (255.255.248.0)
    Gateway: 172.25.128.1
    DNS: 172.25.128.2
[...]

- VPN: [uni-kl.de] ------------------------------------------------------------
  State: connected
  Default: no

After disabling the VPN, everything works as expected again:
Jan 5 10:55:03 seb-laptop avahi-daemon[1147]: Withdrawing address record for 172.25.134.15 on eth1.
Jan 5 10:55:03 seb-laptop avahi-daemon[1147]: Leaving mDNS multicast group on interface eth1.IPv4 with address 172.25.134.15.
Jan 5 10:55:03 seb-laptop avahi-daemon[1147]: Interface eth1.IPv4 no longer relevant for mDNS.
Jan 5 10:55:03 seb-laptop avahi-daemon[1147]: Joining mDNS multicast group on interface eth1.IPv4 with address 172.25.134.15.
Jan 5 10:55:03 seb-laptop avahi-daemon[1147]: New relevant interface eth1.IPv4 for mDNS.
Jan 5 10:55:03 seb-laptop avahi-daemon[1147]: Registering new address record for 172.25.134.15 on eth1.IPv4.
Jan 5 10:55:05 seb-laptop NetworkManager[1165]: <info> Policy set 'cbs239.de' (eth1) as default for IPv4 routing and DNS.
Jan 5 10:55:05 seb-laptop NetworkManager[1165]: <info> Policy set 'cbs239.de' (eth1) as default for IPv6 routing and DNS.
Jan 5 10:55:05 seb-laptop NetworkManager[1165]: <info> ((null)): writing resolv.conf to /sbin/resolvconf
Jan 5 10:55:05 seb-laptop dnsmasq[1965]: setting upstream servers from DBus
Jan 5 10:55:05 seb-laptop dnsmasq[1965]: using nameserver 172.25.128.2#53
Jan 5 10:55:05 seb-laptop dbus[1100]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Jan 5 10:55:05 seb-laptop openconnect[2767]: Send BYE packet: Client killed
Jan 5 10:55:05 seb-laptop dbus[1100]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jan 5 10:55:05 seb-laptop avahi-daemon[1147]: Withdrawing workstation service for vpn0.
Jan 5 10:55:05 seb-laptop NetworkManager[1165]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/vpn0, iface: vpn0)
Jan 5 10:55:08 seb-laptop NetworkManager[1165]: <info> VPN service 'openconnect' disappeared

sebastian@seb-laptop:~$ host google.de
[...many A, AAAA and MX records...]

sebastian@seb-laptop:~$ cat /etc/resolv.conf | grep -v ^#
nameserver 127.0.1.1
search cbs239.de

I tried to change the VPN configuration from "Automatisch (VPN)" to "Automatisch (VPN), nur Adressen" and give a custom DNS server. The effect is that this DNS server is used for the reverse zones announced by the VPN server, but dnsmasq still has no default nameservers. And the triple-a.uni-kl.de entry is not added to resolv.conf, but that makes no difference to me.

The expected behaviour would be something like this:
using nameserver 172.25.128.2#53 <-- this line is missing!
using nameserver 131.246.9.116#53 for Domain 165.68.192.in-addr.arpa
using nameserver 131.246.9.116#53 for Domain 166.68.192.in-addr.arpa
using nameserver 131.246.9.116#53 for Domain 168.68.192.in-addr.arpa
using nameserver 131.246.9.116#53 for Domain 246.131.in-addr.arpa
using nameserver 131.246.9.116#53 for Domain triple-a.uni-kl.de

I hope apport has attached all my system information. If you need more information just ask. I can provide everything from client side, but I have no influence on my university's servers.

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: network-manager-openconnect 0.9.6.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-21.32-generic 3.5.7.1
Uname: Linux 3.5.0-21-generic x86_64
NonfreeKernelModules: fglrx wl
ApportVersion: 2.6.1-0ubuntu9
Architecture: amd64
Date: Sat Jan 5 10:16:20 2013
InstallationDate: Installed on 2012-11-07 (59 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
MarkForUpload: True
SourcePackage: network-manager-openconnect
UpgradeStatus: No upgrade log present (probably fresh install)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openconnect (Ubuntu):
status: New → Confirmed

Is anybody working on this? This bug is really annoying; it has been hitting me on 12.04 LTS for a long time.

Ondrej Balaz (blami) wrote :

This issue is also present on 15.10, where dnsmasq-base is the default behavior. Even when the connection clearly sets the default route and the DNS servers are correctly displayed in the Connection Information dialog, they are always added only for the given zones (is that split DNS?).

As a workaround, the following command can be used to send default DNS server(s) to dnsmasq using DBus:

sudo dbus-send --print-reply --system --dest=org.freedesktop.NetworkManager.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetServers uint32:<ip>

where <ip> is the integer representation of the name server IP address (network byte order).
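
The conversion this workaround needs, as an added example (not part of the comment above or of dnsmasq/NetworkManager; the function names are hypothetical): it reads "network byte order" as first octet most significant, and prints, without running it, a SetServers call that keeps the VPN resolver restricted to its zones. It relies on dnsmasq's DBus interface accepting string domains after a uint32 address and on each SetServers call replacing the server list previously set over DBus, so the default server and the VPN zones go in one call; addresses and zones are the ones from the bug description.

```shell
#!/bin/sh
# Added example: compute the uint32 arguments for dnsmasq's SetServers method.

# Convert a dotted-quad IPv4 address to an unsigned 32-bit integer with the
# first octet as the most significant byte. Returns 1 on malformed input.
ip_to_uint32() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros: shell arithmetic would read them as octal.
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print (do not execute) a dbus-send command that sets a default upstream
# server plus a VPN server used only for the listed domains.
# Usage: setservers_cmd <default-ip> <vpn-ip> [domain ...]
setservers_cmd() {
    default_ip=$1; vpn_ip=$2; shift 2
    d=$(ip_to_uint32 "$default_ip") || return 1
    v=$(ip_to_uint32 "$vpn_ip") || return 1
    args="uint32:$d uint32:$v"
    for domain in "$@"; do
        args="$args string:$domain"
    done
    echo "dbus-send --print-reply --system" \
         "--dest=org.freedesktop.NetworkManager.dnsmasq" \
         "/uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetServers $args"
}

# Values taken from the bug description: local resolver, university resolver,
# and two of the zones announced by the VPN.
setservers_cmd 172.25.128.2 131.246.9.116 triple-a.uni-kl.de 246.131.in-addr.arpa
```

Review the printed command and run it with sudo; afterwards syslog should show a "using nameserver" line without a "for Domain" suffix for the default server, with the VPN zones still pointing at the VPN resolver.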

aldebx (aldebx) wrote :

I confirm exactly the same issue on Ubuntu 15.10

A workaround is commenting out "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf

then restarting NetworkManager: sudo service NetworkManager restart
