$ nmcli -f IP4 dev list | grep DNS
IP4.DNS[1]: 192.168.1.254
IP4.DNS[1]: 192.168.1.254
In fact, nmcli seems to have no knowledge at all of the VPN. But this doesn't seem to matter.
Now (a) if "dns=dnsmasq" then NetworkManager passes the address 127.0.1.1 (which is the listen address of the dnsmasq instance that it controls) to resolvconf
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search mydom corp.com
and passes the correct addresses to the dnsmasq instance that it controls, as evidenced by dnsmasq's messages in syslog.
[...] dnsmasq[5803]: setting upstream servers from DBus
[...] dnsmasq[5803]: using nameserver 172.17.1.2#53 for domain 17.172.in-addr.arpa
[...] dnsmasq[5803]: using nameserver 172.17.1.2#53 for domain corp.com
[...] dnsmasq[5803]: using nameserver 192.168.1.254#53
[...] dnsmasq[5803]: using nameserver 192.168.1.254#53
Testing reveals that LAN, Internet and VPN names are all resolved correctly and I can see with Wireshark that the DNS queries are forwarded to the correct addresses by dnsmasq. That is, *.corp.com queries go to 172.17.1.2 and other queries to 192.168.1.254.
If (b) "dns=dnsmasq" is commented out then NetworkManager passes the VPN nameserver and LAN nameserver addresses, in that order, to resolvconf.
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 172.17.1.2
nameserver 192.168.1.254
search mydom corp.com
Testing reveals that Internet and VPN names are resolved correctly but LAN names are not and I can see that all queries go to the VPN nameserver.
This is all as I would expect, except (as I mentioned earlier) for the nmcli output, which fails to include any VPN information.
Conclusion: I can't reproduce the bug. Name service works for me with or without "dns=dnsmasq" insofar as I would expect.
P.S. Oscar, and everyone else who has commented, please say what version of network-manager-openvpn you are using.
I have just done some testing. I have the following package versions.
network-manager 0.9.8.0-0ubuntu17
network-manager-dev 0.9.8.0-0ubuntu6
network-manager-gnome 0.9.8.0-1ubuntu2
network-manager-openvpn 0.9.8.2-1ubuntu2
When I make an OpenVPN connection to corp.com via my home LAN which has local TLD "mydom" I see the following in /var/log/syslog.
[...] NetworkManager[1247]: <info> Internal DNS: 172.17.1.2
Whether dns=dnsmasq or not I get the following.
$ nmcli -f IP4 dev list | grep DNS
IP4.DNS[1]: 192.168.1.254
IP4.DNS[1]: 192.168.1.254
In fact, nmcli seems to have no knowledge at all of the VPN. But this doesn't seem to matter.
Now (a) if "dns=dnsmasq" then NetworkManager passes the address 127.0.1.1 (which is the listen address of the dnsmasq instance that it controls) to resolvconf
$ cat /run/resolvconf/interface/NetworkManager
domain mydom
search corp.com mydom
nameserver 127.0.1.1
which turns up in resolv.conf.
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search mydom corp.com
and passes the correct addresses to the dnsmasq instance that it controls, as evidenced by dnsmasq's messages in syslog.
[...] dnsmasq[5803]: setting upstream servers from DBus
[...] dnsmasq[5803]: using nameserver 172.17.1.2#53 for domain 17.172.in-addr.arpa
[...] dnsmasq[5803]: using nameserver 172.17.1.2#53 for domain corp.com
[...] dnsmasq[5803]: using nameserver 192.168.1.254#53
[...] dnsmasq[5803]: using nameserver 192.168.1.254#53
Testing reveals that LAN, Internet and VPN names are all resolved correctly and I can see with Wireshark that the DNS queries are forwarded to the correct addresses by dnsmasq. That is, *.corp.com queries go to 172.17.1.2 and other queries to 192.168.1.254.
If (b) "dns=dnsmasq" is commented out then NetworkManager passes the VPN nameserver and LAN nameserver addresses, in that order, to resolvconf.
$ cat /run/resolvconf/interface/NetworkManager
domain mydom
search corp.com mydom
nameserver 172.17.1.2
nameserver 192.168.1.254
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 172.17.1.2
nameserver 192.168.1.254
search mydom corp.com
Testing reveals that Internet and VPN names are resolved correctly but LAN names are not and I can see that all queries go to the VPN nameserver.
This is all as I would expect, except (as I mentioned earlier) for the nmcli output, which fails to include any VPN information.
Conclusion: I can't reproduce the bug. Name service works for me with or without "dns=dnsmasq" insofar as I would expect.
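Added example, not part of the comment above and not code from NetworkManager or dnsmasq: a Python check that reads the dnsmasq "using nameserver" lines and the case (b) resolv.conf quoted above and reports which resolver receives a given query, which is how to confirm that LAN and Internet names are not being sent to the VPN nameserver. The function names are hypothetical; the sample input is copied from the comment with the elided syslog prefix dropped.

```python
import re

# Sample input: the dnsmasq syslog lines from case (a), "[...]" prefix dropped.
DNSMASQ_LOG = """\
dnsmasq[5803]: setting upstream servers from DBus
dnsmasq[5803]: using nameserver 172.17.1.2#53 for domain 17.172.in-addr.arpa
dnsmasq[5803]: using nameserver 172.17.1.2#53 for domain corp.com
dnsmasq[5803]: using nameserver 192.168.1.254#53
"""
# Sample input: the resolv.conf from case (b), header comments dropped.
RESOLV_CONF_B = """\
nameserver 172.17.1.2
nameserver 192.168.1.254
search mydom corp.com
"""
LINE = re.compile(r"using nameserver (\S+?)#\d+(?: for domain (\S+))?$")

def parse_dnsmasq(log):
    """Return ({domain: server}, [default servers]) from 'using nameserver' lines."""
    scoped, default = {}, []
    for line in log.splitlines():
        m = LINE.search(line.strip())
        if not m:
            continue
        server, domain = m.groups()
        if domain:
            scoped[domain.lower()] = server
        elif server not in default:
            default.append(server)
    return scoped, default

def upstream_for(name, scoped, default):
    """Most specific matching domain wins (whole labels only), else the default server."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in scoped:
            return scoped[suffix]
    return default[0] if default else None

def first_resolver(resolv_conf):
    """glibc queries nameservers in listed order, so the first one sees every query."""
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            return parts[1]
    return None
```

With the case (a) log, `upstream_for("printer.mydom", ...)` returns the LAN resolver, while `first_resolver(RESOLV_CONF_B)` returns the VPN resolver for every name, matching the two behaviours described above.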