[Bug 1717995] Re: extra domains not removed from resolv.conf when VPN disconnects
Roland Dreier
roland at digitalvampire.org
Tue Sep 19 08:42:54 UTC 2017
I wonder if the issue has anything to do with the fact that the VPN
creates a new network link that disappears when the VPN goes down - note
that the purestorage.com domains are listed for tun0 when the VPN is up.
When I turn off the VPN, tun0 disappears but the purestorage.com domains
stay in the Global part of the status output:

$ systemd-resolve --status
Global
          DNS Domain: home.digitalvampire.org
                      purestorage.com
                      dev.purestorage.com
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 17 (tun0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.231.255.252
                      10.230.255.252
          DNS Domain: purestorage.com\032dev.purestorage.com
                      purestorage.com
                      dev.purestorage.com

Link 3 (wlp4s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 2001:470:1f05:221::1
                      10.1.0.1
          DNS Domain: home.digitalvampire.org

Link 2 (enp0s31f6)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1717995
Title:
extra domains not removed from resolv.conf when VPN disconnects
Status in systemd package in Ubuntu:
Confirmed
Bug description:
I use a VPN (network manager "vpnc" config) to connect to my work
network. The gateway is "webvpn.purestorage.com". When I connect, I
get "purestorage.com" added to the "search" line in my
/etc/resolv.conf (and /run/resolvconf/interface/systemd-resolved) -
which makes perfect sense, the VPN passes this info to me and then I
can connect to systems within the work network without having to use a
FQDN.

The bug (which is a regression from older versions of Ubuntu) is that
when I lose my connection to the VPN (either because I disconnect
explicitly, or because the network goes down or I suspend my laptop),
the "purestorage.com" domain is not removed from those "search" lines.
And for some reason this prevents me from resolving
webvpn.purestorage.com (which prevents me from reconnecting to the
VPN).

In particular, if I connect and disconnect my VPN, I get:

    $ systemd-resolve webvpn.purestorage.com
    webvpn.purestorage.com: resolve call failed: No appropriate name servers or networks for name found

If I then edit /etc/resolv.conf by hand to remove all the
purestorage.com entries from the search line - in other words, change

    $ cat /etc/resolv.conf
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    # 127.0.0.53 is the systemd-resolved stub resolver.
    # run "systemd-resolve --status" to see details about the actual nameservers.
    nameserver 127.0.0.53
    search home.digitalvampire.org purestorage.com dev.purestorage.com

to

    $ cat /etc/resolv.conf
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    # 127.0.0.53 is the systemd-resolved stub resolver.
    # run "systemd-resolve --status" to see details about the actual nameservers.
    nameserver 127.0.0.53
    search home.digitalvampire.org

and change nothing else, then:

    $ systemd-resolve webvpn.purestorage.com
    webvpn.purestorage.com: 192.30.189.1
                            (vpn.purestorage.com)

    -- Information acquired via protocol DNS in 25.9ms.
    -- Data is authenticated: no

I'm not sure if the bug is in systemd, network manager, or some other package, but I'm happy to try any debugging that is helpful to resolve this (no pun intended).

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: systemd 234-2ubuntu10
ProcVersionSignature: Ubuntu 4.12.0-13.14-generic 4.12.10
Uname: Linux 4.12.0-13-generic x86_64
ApportVersion: 2.20.7-0ubuntu1
Architecture: amd64
CurrentDesktop: GNOME
Date: Mon Sep 18 11:20:17 2017
InstallationDate: Installed on 2016-09-01 (381 days ago)
InstallationMedia: Ubuntu 16.10 "Yakkety Yak" - Alpha amd64 (20160901)
MachineType: LENOVO 20FRS2FK00
ProcEnviron:
TERM=screen
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.12.0-13-generic root=UUID=30d5ada5-835d-4cf7-96cf-3329c0316107 ro quiet splash vt.handoff=7
SourcePackage: systemd
UpgradeStatus: Upgraded to artful on 2017-07-26 (53 days ago)
dmi.bios.date: 07/13/2017
dmi.bios.vendor: LENOVO
dmi.bios.version: N1FET53W (1.27 )
dmi.board.asset.tag: Not Available
dmi.board.name: 20FRS2FK00
dmi.board.vendor: LENOVO
dmi.board.version: SDK0J40697 WIN
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 31
dmi.chassis.vendor: LENOVO
dmi.chassis.version: None
dmi.modalias: dmi:bvnLENOVO:bvrN1FET53W(1.27):bd07/13/2017:svnLENOVO:pn20FRS2FK00:pvrThinkPadX1Yoga1st:rvnLENOVO:rn20FRS2FK00:rvrSDK0J40697WIN:cvnLENOVO:ct31:cvrNone:
dmi.product.family: ThinkPad X1 Yoga 1st
dmi.product.name: 20FRS2FK00
dmi.product.version: ThinkPad X1 Yoga 1st
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1717995/+subscriptions
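
An added example, not part of the original report and not systemd or Launchpad code: a Python check that parses `systemd-resolve --status` text and lists Global search domains that no remaining link advertises, which is the state the message describes once tun0 disappears. The sample input is constructed from the report's values, the function names are hypothetical, and the second helper flags entries containing `\032` (an escaped space), like the one listed under tun0.

```python
import re

# Constructed sample (report's values) after the VPN drops: tun0 is gone,
# VPN domains remain under Global. Function names here are hypothetical.
SAMPLE_AFTER_DISCONNECT = """\
Global
          DNS Domain: home.digitalvampire.org
                      purestorage.com
                      dev.purestorage.com
Link 3 (wlp4s0)
         DNS Servers: 2001:470:1f05:221::1
                      10.1.0.1
          DNS Domain: home.digitalvampire.org
"""

SECTION = re.compile(r"^(Global|Link \d+ \((\S+)\))$")
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*):\s+(\S.*)$")

def parse_status(text):
    """Return {section: {field: [values]}}; section is 'Global' or a link name."""
    sections, cur, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec, fld = SECTION.match(line), FIELD.match(line)
        if sec:
            cur, key = sections.setdefault(sec.group(2) or "Global", {}), None
        elif cur is not None and fld:
            key = fld.group(1)
            cur.setdefault(key, []).append(fld.group(2))
        elif cur is not None and key:
            cur[key].append(line)  # continuation line of a multi-value field
    return sections

def stale_global_domains(sections):
    """Global search domains that no remaining link advertises."""
    on_links = {d for name, s in sections.items() if name != "Global"
                for d in s.get("DNS Domain", [])}
    return [d for d in sections.get("Global", {}).get("DNS Domain", [])
            if d not in on_links]

def malformed_domains(sections):
    """Entries holding an escaped space (\\032): a list stored as one name."""
    return [(name, d) for name, s in sections.items()
            for d in s.get("DNS Domain", []) if "\\032" in d]

if __name__ == "__main__":
    print(stale_global_domains(parse_status(SAMPLE_AFTER_DISCONNECT)))
```

The parser accepts both the indented layout and the flattened one, since it strips each line and treats any line without a `Key: value` shape as a continuation of the previous field.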