[Bug 1926143] [NEW] DNS resolution faulty over openconnect
Karl Kastner
1926143 at bugs.launchpad.net
Mon Apr 26 10:23:53 UTC 2021
Public bug reported:
When connected over VPN, then some domain names are incorrectly
resolved. In particular HTTPS/SSL is not working for many sites. Steps
to reproduce:
1) Connect to a vpn via openconnect
2) Lookup an address:
nslookup www.bing.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: www.bing.com
Address: 145.253.3.148
Name: www.bing.com
Address: 2a01:860:0:210::1:0
Which is wrong. Whois shows that this is actually an address of a
backbone server used by my provider.
Workaround:
3) Deactivate automatic updates to resolv.conf with sudo dpkg-reconfigure resolvconf
4) Add the line: nameserver 8.8.8.8 to /etc/resolvconf/resolv.conf.d/head
5) run sudo resolvconf -u
6) Verify DNS resolution:
nslookup www.bing.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
www.bing.com canonical name = a-0001.a-afdentry.net.trafficmanager.net.
a-0001.a-afdentry.net.trafficmanager.net canonical name = www-bing-com.dual-a-0001.a-msedge.net.
www-bing-com.dual-a-0001.a-msedge.net canonical name = dual-a-0001.a-msedge.net.
Name: dual-a-0001.a-msedge.net
Address: 204.79.197.200
Name: dual-a-0001.a-msedge.net
Address: 13.107.21.200
Name: dual-a-0001.a-msedge.net
Address: 2620:1ec:c11::200
Which returns the correct ip address.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: resolvconf 1.82
Uname: Linux 5.8.0-050800-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.16
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 26 11:21:43 2021
InstallationDate: Installed on 2015-11-05 (1999 days ago)
InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
PackageArchitecture: all
SourcePackage: resolvconf
UpgradeStatus: Upgraded to focal on 2020-09-10 (228 days ago)
modified.conffile..etc.apport.crashdb.conf: [modified]
mtime.conffile..etc.apport.crashdb.conf: 2019-03-07T14:28:39.455024
** Affects: resolvconf (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug focal
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1926143
Title:
DNS resolution faulty over openconnect
Status in resolvconf package in Ubuntu:
New
Bug description:
When connected over VPN, then some domain names are incorrectly
resolved. In particular HTTPS/SSL is not working for many sites. Steps
to reproduce:
1) Connect to a vpn via openconnect
2) Lookup an address:
nslookup www.bing.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: www.bing.com
Address: 145.253.3.148
Name: www.bing.com
Address: 2a01:860:0:210::1:0
Which is wrong. Whois shows that this is actually an address of a
backbone server used by my provider.
Workaround:
3) Deactivate automatic updates to resolv.conf with sudo dpkg-reconfigure resolvconf
4) Add the line: nameserver 8.8.8.8 to /etc/resolvconf/resolv.conf.d/head
5) run sudo resolvconf -u
6) Verify DNS resolution:
nslookup www.bing.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
www.bing.com canonical name = a-0001.a-afdentry.net.trafficmanager.net.
a-0001.a-afdentry.net.trafficmanager.net canonical name = www-bing-com.dual-a-0001.a-msedge.net.
www-bing-com.dual-a-0001.a-msedge.net canonical name = dual-a-0001.a-msedge.net.
Name: dual-a-0001.a-msedge.net
Address: 204.79.197.200
Name: dual-a-0001.a-msedge.net
Address: 13.107.21.200
Name: dual-a-0001.a-msedge.net
Address: 2620:1ec:c11::200
Which returns the correct ip address.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: resolvconf 1.82
Uname: Linux 5.8.0-050800-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.16
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 26 11:21:43 2021
InstallationDate: Installed on 2015-11-05 (1999 days ago)
InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
PackageArchitecture: all
SourcePackage: resolvconf
UpgradeStatus: Upgraded to focal on 2020-09-10 (228 days ago)
modified.conffile..etc.apport.crashdb.conf: [modified]
mtime.conffile..etc.apport.crashdb.conf: 2019-03-07T14:28:39.455024
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1926143/+subscriptions
More information about the foundations-bugs
mailing list