Comment 118 for bug 1624317

In , Nicholas Stommel (nstommel) wrote :

**********
noctua@corinth:~$ systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 5 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 209.222.18.222
                      209.222.18.218

Link 2 (wlo1)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.1.1
          DNS Domain: home

**********
noctua@corinth:~$ nmcli connection show tun0
connection.id: tun0
connection.uuid: a61ca484-3ca9-4e88-b6e1-574b4e17ca54
connection.stable-id: --
connection.interface-name: tun0
connection.type: tun
connection.autoconnect: no
connection.autoconnect-priority: 0
connection.timestamp: 1497284475
connection.read-only: no
connection.permissions:
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries:
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: -1 (default)
ipv4.method: manual
ipv4.dns:
ipv4.dns-search:
ipv4.dns-options: (default)
ipv4.dns-priority: 100
ipv4.addresses: 10.38.1.6/32
ipv4.gateway: 10.38.1.5
ipv4.routes: { ip = 10.38.1.1/32, nh = 10.38.1.5, mt = 50 }
ipv4.route-metric: 50
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-timeout: 0
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.dad-timeout: -1 (default)
ipv6.method: link-local
ipv6.dns:
ipv6.dns-search:
ipv6.dns-options: (default)
ipv6.dns-priority: 100
ipv6.addresses:
ipv6.gateway: --
ipv6.routes:
ipv6.route-metric: -1
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
ipv6.token: --
tun.mode: 1 (tun)
tun.owner: --
tun.group: --
tun.pi: no
tun.vnet-hdr: no
tun.multi-queue: no
GENERAL.NAME: tun0
GENERAL.UUID: a61ca484-3ca9-4e88-b6e1-574b4e17ca54
GENERAL.DEVICES: tun0
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: no
GENERAL.VPN: no
GENERAL.ZONE: --
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/4
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/4
GENERAL.SPEC-OBJECT: /
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 10.38.1.6/32
IP4.GATEWAY: 10.38.1.5
IP4.ROUTE[1]: dst = 10.38.1.1/32, nh = 10.38.1.5, mt = 50
IP6.ADDRESS[1]: fe80::376b:6f85:5cb7:142/64
IP6.GATEWAY:

**********
extended test from https://dnsleaktest.com

Test complete

Query round Progress... Servers found
  1 ...... 2
  2 ...... 1
  3 ...... 2
  4 ...... 1
  5 ...... 1
  6 ...... 2
IP              Hostname                                         ISP                         Country
173.239.219.2   ip-2-219-239-173.east.us.northamericancoax.com   LogicWeb Inc                United States
71.242.0.136    none                                             Verizon Internet Services   United States
71.242.0.214    none                                             Verizon Internet Services   United States

**********
As you can see, the 'routing-only domain' line "DNS Domain: ~." is missing and DNS leaks are clearly happening while connected to the VPN as queries are being routed to the ISP (Verizon in this case).
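
The check described in the comment above, automated as an added example (not part of the original comment and not code from systemd or NetworkManager): it parses `systemd-resolve --status` output and reports a VPN link that lacks the routing-only domain `~.`, together with the other links whose DNS servers can then still receive queries. The sample text is constructed from the output above, and treating `tun`/`tap`/`wg`/`ppp` interface names as VPN links is an assumption of this sketch.

```python
import re

# Constructed sample: the two Link sections from the status output in the comment above.
SAMPLE_STATUS = """\
Link 5 (tun0)
      Current Scopes: DNS
         DNS Servers: 209.222.18.222
                      209.222.18.218

Link 2 (wlo1)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         DNS Servers: 192.168.1.1
          DNS Domain: home
"""

LINK_RE = re.compile(r"^Link \d+ \(([^)]+)\)$")
# "Key: value"; the colon must be followed by whitespace or end of line so that
# IPv6 addresses on continuation lines are not mistaken for keys.
FIELD_RE = re.compile(r"^([^:]+):(?:\s+(.*)|$)")
FIELDS = {"DNS Servers": "servers", "DNS Domain": "domains"}

def parse_links(status_text):
    """Return {link: {"servers": [...], "domains": [...]}} per Link section."""
    links, current, field = {}, None, None
    for raw in status_text.splitlines():
        line = raw.strip()
        header = LINK_RE.match(line)
        if header:
            current = links.setdefault(header.group(1), {"servers": [], "domains": []})
            field = None
        elif not line or line == "Global":
            field = None
            current = None if line else current  # "Global" is not a link section
        elif current is not None:
            m = FIELD_RE.match(line)
            if m:   # a new "Key: value" field starts here
                field, value = FIELDS.get(m.group(1)), m.group(2)
            else:   # a bare token continues the previous field
                value = line
            if field and value:
                current[field].append(value)
    return links

def leak_findings(links, vpn_prefixes=("tun", "tap", "wg", "ppp")):
    """Report VPN links lacking '~.' and the other links whose DNS servers remain in use."""
    # vpn_prefixes is a naming heuristic assumed for this example.
    exposed = [n for n, l in links.items()
               if n.startswith(vpn_prefixes) and "~." not in l["domains"]]
    findings = [f"{n}: no routing-only domain '~.'" for n in exposed]
    if exposed:
        findings += [f"{n}: DNS servers {', '.join(l['servers'])} can still be queried"
                     for n, l in links.items()
                     if not n.startswith(vpn_prefixes) and l["servers"]]
    return findings

if __name__ == "__main__":
    print("\n".join(leak_findings(parse_links(SAMPLE_STATUS))) or "no leak indicators")
```

On a live system the same functions can be fed the captured output of `systemd-resolve --status` instead of the embedded sample.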