Connecting to a VPN clears DNS from parent connection

Bug #1768203 reported by Tomasz Kontusz
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| network-manager (Ubuntu) | New | Undecided | Unassigned | |

Bug Description

$ lsb_release -rd
Description: Ubuntu 18.04 LTS
Release: 18.04

$ apt-cache policy network-manager
network-manager:
  Installed: 1.10.6-2ubuntu1
  Candidate: 1.10.6-2ubuntu1
  Version table:
 *** 1.10.6-2ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status

After connecting to a VPN the parent connection's DNS servers are cleared, as seen in the output of `systemd-resolve --status`.

Before connection to VPN:
(...)
Link 3 (wlp2s0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 62.179.1.63
                      62.179.1.62
          DNS Domain: chello.pl

Link 2 (enp1s0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Connected to VPN, notice that only the ppp0 has DNS servers:
(...)
Link 20 (ppp0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.64.5
                      192.168.97.10
          DNS Domain: ~dcs.pl

Link 3 (wlp2s0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 2 (enp1s0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

I want to use split-horizon DNS resolving, and this behaviour breaks resolving non-VPN names.

c.h. (wryfi) wrote :

What type of VPN connection are you using?

I am using network-manager-openvpn, and it has the opposite behavior (I can only get it to append a new DNS server to the list reported by `systemd-resolve --status`, while in my case, I would like network-manager to *only* use the VPN DNS).

The change in behavior between systemd-resolved and glibc resolvconf is nontrivial, and has side effects throughout various parts of the system. In this case, it appears that various developers have implemented different defaults for different protocols.

c.h. (wryfi) wrote :

I was able to solve my problem by setting the dns-priority of my VPN connection to a negative value: `nmcli connection modify <connection_name> ipv4.dns-priority -100`. You might be able to resolve your issue by setting the dns-priority of your VPN connection to a *higher* value (e.g. equal to that of the other connection). You can view the dns priorities of your connections by running `nmcli connection show <connection_name>` (the default seems to be 0).

Tomasz Kontusz (tomasz-kontusz) wrote :

This helps, but there's still a problem - resolved tries to resolve the VPN-local addresses with both VPN and global DNS. Some of those addresses are available on both sites, and I prefer the internal one when the VPN is active.

Tomasz Kontusz (tomasz-kontusz) wrote :

This works without problems, and without using `ipv4.dns-priority`, on Ubuntu 20.04.
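
Added example, not part of the original report or of NetworkManager/systemd: a Python script that parses the per-link sections of two `systemd-resolve --status` snapshots and reports interfaces whose DNS servers disappeared, which is the symptom described in this bug. The sample text is constructed from the listings above, and `parse_links` and `cleared_links` are hypothetical helper names.

```python
import re

# Constructed samples, abridged from the two listings in the report above.
BEFORE = """\
Link 3 (wlp2s0)
      Current Scopes: DNS
         DNS Servers: 62.179.1.63
                      62.179.1.62
          DNS Domain: chello.pl
"""
AFTER = """\
Link 20 (ppp0)
      Current Scopes: DNS
         DNS Servers: 192.168.64.5
                      192.168.97.10
          DNS Domain: ~dcs.pl

Link 3 (wlp2s0)
      Current Scopes: none
"""

HEADER = re.compile(r"^Link \d+ \((.+)\)\s*$")
# "Key: value"; the space after the colon keeps IPv6 continuation lines out.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*):\s(.*)$")
WANTED = {"DNS Servers": "servers", "DNS Domain": "domains"}

def parse_links(text):
    """Map interface name -> {"servers": [...], "domains": [...]}."""
    links, cur, field = {}, None, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            cur = links.setdefault(head.group(1), {"servers": [], "domains": []})
            field = None
        elif cur is not None and line.strip():
            m = FIELD.match(line)
            if m:  # new field; otherwise a continuation of the previous one
                field, line = WANTED.get(m.group(1)), m.group(2)
            if field:
                cur[field].append(line.strip())
    return links

def cleared_links(before, after):
    """Interfaces still present in `after` that lost all their DNS servers."""
    old, new = parse_links(before), parse_links(after)
    return sorted(n for n, l in old.items()
                  if l["servers"] and n in new and not new[n]["servers"])

if __name__ == "__main__":
    print("DNS cleared on:", cleared_links(BEFORE, AFTER))
```
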
