[Bug 2055148] [NEW] NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan

Lukas Märdian 2055148 at bugs.launchpad.net
Tue Feb 27 11:34:40 UTC 2024


Public bug reported:

From: https://discourse.ubuntu.com/t/blog-netplan-developer-diaries/35932/11

Hi all,

NetworkManager connections with an explicit DoT (DNS over TLS)
configuration are not supported with Netplan, but NetworkManager does
feed back the DoT DNS info with server address and Server Name
Indication (SNI) in the form server_address#SNI, e.g.
1.2.3.4#dns.myhome.com as nameserver addresses to Netplan. As a result,
subsequent Netplan config applications fail because DNS servers don’t
have the expected dotted decimal (IPv4) or colon’ed hex (IPv6) form.

```
nmcli> describe ipv4.dns

=== [dns] ===
[NM property description]
Array of IP addresses of DNS servers. For DoT (DNS over TLS), the SNI server name can be specified by appending "#example.com" to the IP address of the DNS server. This currently only has effect when using systemd-resolved.
```

** Affects: netplan
     Importance: Undecided
         Status: New

** Affects: netplan.io (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: netplan-everywhere

** Also affects: netplan
   Importance: Undecided
       Status: New

** Also affects: network-manager (Ubuntu)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/2055148
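
The mismatch described in the report, as an added example that is not part of the original bug report and not Netplan or NetworkManager code: a validator that accepts only plain IP literals rejects the `server_address#SNI` form, while a parser that splits on `#` can validate the address and the server name separately. The function names and the hostname rule are assumptions made for this sketch.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Hostname label rule (RFC 1123 style), applied to the part after '#'.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


class Nameserver(NamedTuple):
    address: str         # normalised IP literal
    sni: Optional[str]   # TLS server name for DoT, or None


def strict_ip_only(entry: str) -> bool:
    """Model of a check that accepts only plain IPv4/IPv6 literals."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return False


def parse_nameserver(entry: str) -> Nameserver:
    """Parse 'address' or 'address#SNI' (the form nmcli documents for ipv4.dns)."""
    address, sep, sni = entry.partition("#")
    ip = ipaddress.ip_address(address)  # raises ValueError on a bad address
    if not sep:
        return Nameserver(str(ip), None)
    labels = sni.rstrip(".").split(".")
    if len(sni) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"invalid SNI server name in {entry!r}")
    return Nameserver(str(ip), sni)


# "1.2.3.4#dns.myhome.com" is the report's example; the rest are constructed.
SAMPLES = ["1.2.3.4", "1.2.3.4#dns.myhome.com", "2001:db8::53#dns.myhome.com",
           "1.2.3.4#", "1.2.3.4#bad_name!", "dns.myhome.com"]

if __name__ == "__main__":
    for s in SAMPLES:
        try:
            parsed = parse_nameserver(s)
        except ValueError as exc:
            parsed = f"rejected ({exc})"
        print(f"{s!r:32} strict={strict_ip_only(s)!s:5} parsed={parsed}")
```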
