I'm on 17.04 too and have been suffering from this issue for a while.

As I understand this issue, the problem may actually very well be in
Network-Manager rather than in systemd-resolved, but the problem is
indeed very visible with resolved.

Here's how I experience the problem (the root of my problems is a split
DNS setup, just like most other people following this ticket).

This is the state of my resolved...

With no VPN connected (wireless and wifi only):

Link 7 (vpn0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 3 (wlp4s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.8.1
          DNS Domain: int.example.com

Link 2 (enp0s31f6)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.8.1
          DNS Domain: int.example.com

With VPN connected:

Link 7 (vpn0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.180.48
                      192.168.180.49
          DNS Domain: example.lan

Link 3 (wlp4s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.8.1
          DNS Domain: int.example.com

Link 2 (enp0s31f6)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.8.1
          DNS Domain: int.example.com


Now, I have one split DNS entry, testserver.example.net. On a public DNS, it
will resolve to a public IP; on the example.lan DNS servers, it will resolve
to a private IP.

Doing the following a couple of times is bound to sometimes return the
private IP and sometimes the public IP:

systemd-resolve --flush-caches && ping -c1 testserver.example.net

So for things to work in this particular example, I'd need the
192.168.8.1 DNS to either be disabled completely or only used for
int.example.com. 192.168.180.48 and 49 as provided by the VPN would
somehow need to be the default/active nameserver. Note that for my VPN
connection in Network Manager, I've *not* enabled the "use this
connection only for resources on its own network".

In an attempt to work around this problem, I decided to configure
network-manager for dnsmasq, which worked fine back in the 16.04 days.
Basically the setup worked, but Network-Manager only added the VPN DNS
servers for the VPN provided search domain example.lan. Needless to say
this works even worse than the resolved solution, because now I get the
wrong answer for testserver.example.net every time. It does seem to
indicate that perhaps there's something fishy about how network-manager
passes DNS servers to resolved. I have not found a way to force network-
manager to completely replace the configured DNS servers for a VPN
connection, but that might provide a usable workaround.

Hopefully this can shed some light on things?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1624317

Title:
  systemd-resolved breaks VPN with split-horizon DNS

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1624317/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
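
Added example, not part of the message above: a check that reads per-link state in the format shown in the report and flags names that can be answered by DNS servers on more than one link. It assumes a simplified model of resolved's documented routing (a name under a link's DNS domain goes only to that link, any other name goes to every link with a DNS scope); parse_links, route and ambiguous are hypothetical names.

```python
import re

# Constructed sample: the "With VPN connected" state from the report, trimmed.
STATUS = """\
Link 7 (vpn0)
      Current Scopes: DNS
         DNS Servers: 192.168.180.48
                      192.168.180.49
          DNS Domain: example.lan

Link 3 (wlp4s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         DNS Servers: 192.168.8.1
          DNS Domain: int.example.com
"""
FIELDS = {"Current Scopes": "scopes", "DNS Servers": "servers", "DNS Domain": "domains"}

def parse_links(text):
    """Return {ifname: {scopes, servers, domains}} for links that have a DNS scope."""
    links, cur, key = {}, None, None
    for line in text.splitlines():
        m = re.match(r"Link \d+ \((\S+)\)", line)
        if m:
            cur = links.setdefault(m.group(1), {"scopes": [], "servers": [], "domains": []})
            key = None
            continue
        f = re.match(r"\s*([A-Za-z][A-Za-z ]*): (.*)", line)
        if f:   # "label: value" line; unknown labels map to None and are skipped
            key, value = FIELDS.get(f.group(1)), f.group(2)
        else:   # continuation line, e.g. a second DNS server
            value = line.strip()
        if cur is not None and key:
            cur[key].extend(value.split())
    return {name: link for name, link in links.items() if "DNS" in link["scopes"]}

def route(name, links):
    """Links queried for name: longest matching domain wins, else all DNS-scoped links."""
    name = name.rstrip(".").lower()
    best, hits = -1, []
    for ifname, link in links.items():
        for d in link["domains"]:
            d = d.lstrip("~").lower()
            if name == d or name.endswith("." + d):
                if d.count(".") > best:
                    best, hits = d.count("."), [ifname]
                elif d.count(".") == best and ifname not in hits:
                    hits.append(ifname)
    return hits or list(links)

def ambiguous(name, links):
    """True when servers on several links may answer, so results can differ per lookup."""
    return len(route(name, links)) > 1
```

For the report's testserver.example.net neither link's domain matches, so both the VPN and the Wi-Fi resolver are queried and whichever answers first decides between the private and the public IP.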
