openvpn chroot does not have a valid resolv.conf
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
network-manager-openvpn (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
If you leave openvpn running for long enough it will eventually begin to fail with output like:
May 27 19:16:54 wakko nm-openvpn[16480]: RESOLVE: Cannot resolve host address: XXXX: Temporary failure in name resolution
Analysis shows this is because openvpn is sending DNS queries to 127.0.0.1:
socket(PF_INET, SOCK_DGRAM|
connect(8, {sa_family=AF_INET, sin_port=htons(53), sin_addr=
poll([{fd=8, events=POLLOUT}], 1, 0) = 1 ([{fd=8, revents=POLLOUT}])
sendto(8, ..., 30, MSG_NOSIGNAL, NULL, 0) = 30
However, this is not correct; dnsmasq listens on 127.0.1.1.
It appears that a cause of this is the chroot; the chroot has no resolv.conf in it and the glibc default is to use 127.0.0.1.
openvpn does a DNS query before chroot'ing, which used to be enough to cache resolv.conf forever. I wonder if something has changed in glibc recently to cause the resolv.conf to be reloaded (e.g. Debian apparently has a patch that does this).
A workaround would be to copy the system resolv.conf into /var/lib/
Seen on Xenial and a few prior versions.
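A check for the condition described in the report, as an added example that is not part of the original bug report or of openvpn: it reports whether a chroot directory has a usable etc/resolv.conf compared with the host's file. The chroot directory is passed as an argument because the path in the report is truncated; the function names and the sample files in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. All paths are arguments; the
# sample files built in demo() are constructed.

# Print the nameserver addresses from a resolv.conf-style file, sorted.
# glibc only honours the keyword when it starts the line.
nameservers() {
    awk '/^nameserver/ && $1 == "nameserver" && $2 != "" { print $2 }' \
        "$1" 2>/dev/null | sort -u
}

# check_chroot_resolv HOST_RESOLV_CONF CHROOT_DIR -> prints one verdict:
#   missing  no etc/resolv.conf in the chroot (resolver falls back to 127.0.0.1)
#   symlink  a symlink is resolved inside the chroot, so its target may not exist there
#   empty    file present but no nameserver lines (same fallback)
#   stale    nameservers differ from the host file
#   ok       nameservers match the host file
check_chroot_resolv() {
    host_file=$1
    jail_file=$2/etc/resolv.conf
    if [ -L "$jail_file" ]; then echo symlink; return 0; fi
    if [ ! -f "$jail_file" ]; then echo missing; return 0; fi
    jail_ns=$(nameservers "$jail_file")
    if [ -z "$jail_ns" ]; then echo empty; return 0; fi
    if [ "$jail_ns" = "$(nameservers "$host_file")" ]; then echo ok; else echo stale; fi
}

# Constructed demo: a host file pointing at 127.0.1.1 and a chroot without
# resolv.conf, then the workaround (copy the file contents into the chroot).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/jail/etc"
    printf 'nameserver 127.0.1.1\n' > "$tmp/host.conf"
    echo "before copy: $(check_chroot_resolv "$tmp/host.conf" "$tmp/jail")"
    cp "$tmp/host.conf" "$tmp/jail/etc/resolv.conf"
    echo "after copy:  $(check_chroot_resolv "$tmp/host.conf" "$tmp/jail")"
    rm -rf "$tmp"
}
demo
```

A "stale" verdict matters for the copy workaround: a copied file does not follow later changes to the host's resolver configuration.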
Status changed to 'Confirmed' because the bug affects multiple users.