[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS
Vincent
dawansv at gmail.com
Mon May 29 19:05:18 UTC 2017
Thomas:
I am not an expert on this, but as far as I can tell from the
documentation you are seeing a different dns replying at times because
(I quote the systemd.resolved.service doc) "Multi-label names are routed
to all local interfaces that have a DNS server configured (...) If
lookups are routed to multiple interfaces, the first successful response
is returned".
So basically all the dns servers defined in all of your links are fair
game. DNS requests are sent to all of them at the same time and
whichever replies first wins the day!
My understanding is that you have to specify dhcp-options DOMAIN-ROUTE .
in your openvpn connection settings to force dns requests to all domains
to go through the vpn link and ignore the dns on other links.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1624317
Title:
systemd-resolved breaks VPN with split-horizon DNS
Status in systemd:
New
Status in systemd package in Ubuntu:
Confirmed
Bug description:
I use a VPN configured with network-manager-openconnect-gnome in which
a split-horizon DNS setup assigns different addresses to some names
inside the remote network than the addresses seen for those names from
outside the remote network. However, systemd-resolved often decides
to ignore the VPN’s DNS servers and use the local network’s DNS
servers to resolve names (whether in the remote domain or not),
breaking the split-horizon DNS.
This related bug, reported by Lennart Poettering himself, was closed with the current Fedora release at the time reaching EOL:
https://bugzilla.redhat.com/show_bug.cgi?id=1151544
To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1624317/+subscriptions
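Added example, not part of the original message and not systemd code: a simplified Python model of the routing behaviour quoted above from the systemd-resolved documentation, showing which links receive a query with and without a root routing domain on the VPN link. The link names, addresses, domains and the route() helper are assumptions, and longest-suffix matching of routing domains is a simplification of the real resolver.

```python
# Simplified model of per-link DNS routing (constructed sample data throughout).

def labels(name):
    return [l for l in name.lower().rstrip(".").split(".") if l]

def match_len(name, domain):
    """Labels of `domain` that suffix-match `name`, or -1 if it does not match.
    The root routing domain "." matches every name with length 0."""
    d, n = labels(domain), labels(name)
    if len(d) > len(n):
        return -1
    return len(d) if n[len(n) - len(d):] == d else -1

def route(name, links):
    """Return the links whose DNS servers would receive a query for `name`."""
    with_dns = {k: v for k, v in links.items() if v["dns"]}
    best = {}
    for link, cfg in with_dns.items():
        scores = [match_len(name, d) for d in cfg["domains"]]
        if scores and max(scores) >= 0:
            best[link] = max(scores)
    if best:
        top = max(best.values())
        return sorted(l for l, s in best.items() if s == top)
    # No routing domain matches: every link with a DNS server is asked,
    # and the first successful response is the one returned.
    return sorted(with_dns)

def make_links(vpn_domains):
    # wlan0 = local network, tun0 = VPN link (hypothetical names and addresses)
    return {
        "wlan0": {"dns": ["192.0.2.53"], "domains": []},
        "tun0": {"dns": ["10.8.0.1"], "domains": vpn_domains},
    }

NO_ROUTE = make_links([])                  # VPN pushes DNS servers only
SPLIT = make_links(["corp.example"])       # only the internal zone is routed
ROOT_ROUTE = make_links(["."])             # DOMAIN-ROUTE . on the VPN link

if __name__ == "__main__":
    for label, links in [("none", NO_ROUTE), ("corp.example", SPLIT), (".", ROOT_ROUTE)]:
        for name in ("wiki.corp.example", "www.example.org"):
            print(f"routing domain {label!r}: {name} -> {route(name, links)}")
```

With no routing domain on the VPN link, internal names are also sent to the local network's resolver, which both exposes them outside the tunnel and lets a non-VPN answer win the race.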