Public bug reported:

I was setting up a fresh Ubuntu xenial a few days ago (Ubuntu 16.04.1 LTS) with network-manager 1.2.2-0ubuntu0.16.04.3.

I connect to an openvpn server that pushes a DNS server to me:

    push "dhcp-option DNS 172.24.32.1"

This DNS server is properly received and (as I have marked "use for this network only") configured correctly over DBus to dnsmasq (sorry, German logs):

    Nov 15 22:23:47 chili dnsmasq[1422]: vorgelagerte Server von DBus gesetzt
    Nov 15 22:23:47 chili dnsmasq[1422]: Benutze Namensserver 172.24.32.1#53 für Domain example.com
    Nov 15 22:23:47 chili dnsmasq[1422]: Benutze Namensserver 172.24.32.1#53 für Domain 24.172.in-addr.arpa

So now dnsmasq has nameservers for my VPN internal domain and the reverse domains of the routes pushed by the VPN. That's exactly what I want - for the VPN resources.

BUT (and this took me some time to understand) the previously valid nameservers (originated from the DHCP server of the wireless connection) are REMOVED. This means that dnsmasq is left with name servers for specific domains only; there are no generic name servers available any more. If queried for a name resolution for e.g. "www.google.com", dnsmasq just returns an error message.

So while I had full IP connectivity in the network behind the VPN AND to the internet, I had no name resolution any more for domains outside of the VPN.

I would have expected that the domain servers (that are specific to the VPN domains) are ADDED to the list of dnsmasq's servers, but they are replaced. As (according to the dnsmasq man page) "More specific domains take precedence over less specific domains", no leakage of DNS requests would happen in either direction.

I even monitored the D-Bus communication and it can be seen that it uses the "SetServersEx" command (which replaces the list).

I built a workaround using a script in /etc/NetworkManager/dispatcher.d combined with a configuration file in /etc/NetworkManager/dnsmasq.d that points to a "servers-file".
When the vpn comes up, the script populates the servers-file from the $IP4_NAMESERVERS variable and HUPs dnsmasq, which finally gives me in /var/log/syslog:

    Nov 15 22:23:47 chili dnsmasq[1422]: Benutze Namensserver 8.8.8.8#53
    Nov 15 22:23:47 chili dnsmasq[1422]: Benutze Namensserver 172.24.32.1#53 für Domain example.com
    Nov 15 22:23:47 chili dnsmasq[1422]: Benutze Namensserver 172.24.32.1#53 für Domain 24.172.in-addr.arpa

Of course the script undoes the changes when the vpn comes down again.

If anyone is interested, I can share my script - but it is quite specific to my use case so I wonder if others are interested in...

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1642063

Title:
  Split DNS with openvpn erroneously removes nameservers from dnsmasq
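
The dispatcher.d workaround described in the report, as an added example (not the reporter's script, which is not on this page). The file paths, the dnsmasq PID file location and the function names are assumptions. Every entry in $IP4_NAMESERVERS is validated before it reaches dnsmasq's configuration.

```shell
#!/bin/sh
# Added example: NetworkManager dispatcher hook for /etc/NetworkManager/dispatcher.d/.
# Assumed companion line in a file under /etc/NetworkManager/dnsmasq.d/:
#   servers-file=/run/nm-vpn-upstream.conf
# Both paths below are assumptions, not values from the bug report.
SERVERS_FILE="${SERVERS_FILE:-/run/nm-vpn-upstream.conf}"
DNSMASQ_PIDFILE="${DNSMASQ_PIDFILE:-/run/NetworkManager/dnsmasq.pid}"

# Accept only dotted-quad IPv4 literals, so nothing except "server=<address>"
# lines can be written into the file dnsmasq parses.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = whitespace-separated nameserver list; invalid entries are dropped.
# The file is written to a temporary name and renamed into place.
write_servers_file() {
    tmp=$(mktemp "${SERVERS_FILE}.XXXXXX") || return 1
    set -f                      # no glob expansion of the untrusted list
    for ns in $1; do
        if is_ipv4 "$ns"; then printf 'server=%s\n' "$ns"; fi
    done > "$tmp"
    set +f
    chmod 644 "$tmp" && mv -f "$tmp" "$SERVERS_FILE"
}

# dnsmasq re-reads a servers-file when it receives SIGHUP.
reload_dnsmasq() {
    [ -r "$DNSMASQ_PIDFILE" ] && kill -HUP "$(cat "$DNSMASQ_PIDFILE")"
}

# The dispatcher invokes hooks as: <script> <interface> <action>
case "${2:-}" in
    vpn-up)   write_servers_file "${IP4_NAMESERVERS:-}" && reload_dnsmasq ;;
    vpn-down) : > "$SERVERS_FILE" && reload_dnsmasq ;;
esac
```
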