[Bug 1769016] Re: nsswitch.conf doesn't specify 'resolve' to support systemd-resolved
Piotr Dobrogost
1769016 at bugs.launchpad.net
Sun Oct 13 14:52:32 UTC 2019
If systemd-resolve's stub DNS resolver is used (which I believe is the
case) then the "resolve" directive is optional as DNS requests are routed to
this stub resolver (per the "standard" nss-dns directive) which acts
according to systemd-resolve's logic. I just wrote the above in the
following comment –
https://unix.stackexchange.com/questions/442598/how-to-configure-systemd-resolved-and-systemd-networkd-to-use-local-dns-server-f#comment1014165_516236
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1769016
Title:
  nsswitch.conf doesn't specify 'resolve' to support systemd-resolved

Status in glibc package in Ubuntu:
  Confirmed

Bug description:
  After upgrading from Ubuntu 16.04 to 18.04, my openconnect vpn
  connection stopped working. The problem appeared to be related to DNS
  resolution. After some digging, I discovered that the vpnc-script
  hook executed by openconnect was adding my VPN DNS servers to
  /etc/resolv.conf, which systemd-resolve --status was reporting as part
  of the global config instead of being associated with my VPN interface
  (tun0). This appeared to break all VPN and non-VPN traffic in my
  configuration.

  I found that vpnc-script needed to find 'resolve' in
  /etc/nsswitch.conf in order to correctly configure the VPN DNS servers
  with systemd-resolved instead of prepending them to /etc/resolv.conf.

  http://git.infradead.org/users/dwmw2/vpnc-scripts.git/commitdiff/62e86babac9f734ba031a547501cbe8e5940d83b

  Adding 'resolve' to the 'hosts:' line in my /etc/nsswitch.conf allowed
  normal traffic flow.

  It seems like if 18.04 defaults to using systemd-resolve for DNS
  resolutions, then the default nsswitch.conf configuration should also
  declare 'resolve' in the 'hosts:' line, which does not appear to be
  the case. This would have allowed my VPN connection to continue
  working successfully after the upgrade.

  $ lsb_release -rd
  Description:    Ubuntu 18.04 LTS
  Release:        18.04

  $ dpkg -l libc-bin openconnect systemd vpnc-scripts
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name          Version            Architecture  Description
  +++-=============-==================-=============-================================================
  ii  libc-bin      2.27-3ubuntu1      amd64         GNU C Library: Binaries
  ii  openconnect   7.08-3             amd64         open client for Cisco AnyConnect VPN
  ii  systemd       237-3ubuntu10      amd64         system and service manager
  ii  vpnc-scripts  0.1~git20171005-1  all           Network configuration scripts for VPNC and OpenConnect
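
The two situations discussed in this message (lookups reaching systemd-resolved through its stub listener, and lookups going around it once extra nameservers are written to /etc/resolv.conf) can be told apart from the two configuration files. The shell example below is added here and is not code from vpnc-script, glibc or the bug report; the function names are hypothetical, the sample files and the 10.0.0.1 address are constructed, and 127.0.0.53 is the address systemd-resolved's stub listener uses.

```shell
#!/bin/sh
# Added example (not vpnc-script's code): classify how glibc name lookups reach DNS.

# Print the sources on the "hosts:" line, one per line, without comments
# or bracketed actions such as [NOTFOUND=return].
hosts_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]/ /g' -e 's/^[[:space:]]*hosts:/hosts: /' "$1" |
        awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) print $i }'
}

# Print the nameserver addresses from a resolv.conf-format file.
nameservers() {
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" { print $2 }' "$1"
}

# The first of "resolve"/"dns" on the hosts: line decides the path:
#   nss-resolve  glibc asks systemd-resolved through nss-resolve
#   stub         nss-dns is used and the only nameserver is the 127.0.0.53 stub
#   bypass       nss-dns queries the listed nameservers itself, so
#                systemd-resolved's per-link DNS settings are not consulted
#   no-dns       neither source is configured
classify_dns_path() {
    for src in $(hosts_sources "$1"); do
        case $src in
            resolve) echo nss-resolve; return 0 ;;
            dns)
                if [ "$(nameservers "$2")" = "127.0.0.53" ]; then echo stub
                else echo bypass; fi
                return 0 ;;
        esac
    done
    echo no-dns
}

# Constructed sample files; 10.0.0.1 stands in for a VPN DNS server.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname\n' > "$tmp/nss.default"
printf 'hosts: files resolve [!UNAVAIL=return] dns  # edited\n' > "$tmp/nss.resolve"
printf 'nameserver 127.0.0.53\n' > "$tmp/resolv.stub"
printf 'nameserver 10.0.0.1\nnameserver 127.0.0.53\n' > "$tmp/resolv.prepended"

classify_dns_path "$tmp/nss.default" "$tmp/resolv.stub"
classify_dns_path "$tmp/nss.default" "$tmp/resolv.prepended"
classify_dns_path "$tmp/nss.resolve" "$tmp/resolv.prepended"
```

On a real host, pass /etc/nsswitch.conf and /etc/resolv.conf as the two arguments.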