Re: Overriding connections (VPN) that abuse DNS (was: Wireless DHCP overwrites DNS settings)



On Mon, 2007-12-10 at 11:44 -0500, Derek Atkins wrote:
> Dan Williams <dcbw redhat com> writes:
> 
> > On Sat, 2007-12-08 at 13:36 -0800, Ross Patterson wrote:
> >> This is somewhat related.  I have a poorly behaved VPN connection that
> >> sends NM empty DNS settings so that no DNS works when I'm connected to
> >> the VPN.  I can't fix the VPN, so my current workaround is to copy
> >> /etc/resolv.conf before I connect to the VPN, and then write it over the
> >> /etc/resolv.conf written by NM *after* connecting to the VPN.  IOW, I
> >> manually restore the original DNS configuration.  This is annoying to
> >> say the least.
> >> 
> >> My question is, is there a way to preserve the DNS settings on *just
> >> that* VPN connection so I don't have to do this dance every time?
> >
> > Not yet; but it can be fixed internally in NetworkManager pretty easily.
> > Nobody has come up with a patch yet, and I haven't had time.
> >
> > Internally, the IP4 configs are essentially a stack with between 0 and 2
> > configs per device.  The device's config is at #1, and the VPN config is
> > at #2.  Whenever the config stack changes, settings should get merged
> > with the higher numbered items taking priority over the lower numbered
> > ones.  Right now, a config with a higher number blows away the config
> > with the lower number entirely.
> 
> I have a VPN that also gives me incomplete DNS info.  The way I fixed
> this was by writing a wrapper around /usr/bin/nm-vpnc-service-vpnc-helper
> that adjusts the vpnc environment before passing it back to NM via
> dbus.  In my case I needed to adjust the CISCO_DEF_DOMAIN variable.
> YMMV.

I was working on this today; the interesting thing is that if the VPN
hands back bogus DNS information, should NM honor the default domain
that the VPN sends back, if any, and should it honor the DNS searches,
if any?  I'd guess no to searches, maybe yes to default domain.

The DNS searches and nameservers should probably be "together" in that
if there are no nameservers specified, NM falls back to the underlying
device's nameservers and searches.

Dan
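
The merge rule discussed in this message (a config stack where the higher number wins, with nameservers and searches falling back together), as an added example that is not part of the original message and is not NetworkManager code. The `DnsConfig` struct, `merge_dns`, and treating only empty strings as unusable are assumptions; the handling of searches and default domain follows the guess stated in the message.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 4

/* Hypothetical, simplified DNS part of an IP4 config (not NM's real struct). */
typedef struct {
    const char *nameservers[MAX_ENTRIES]; size_t n_nameservers;
    const char *searches[MAX_ENTRIES];    size_t n_searches;
    const char *domain;                   /* default domain, NULL if unset */
} DnsConfig;

static int usable(const char *s) { return s != NULL && s[0] != '\0'; }

/* Copy the non-empty entries of src into dst; return how many were kept. */
static size_t copy_usable(const char **dst, const char *const *src, size_t n) {
    size_t kept = 0;
    for (size_t i = 0; i < n && i < MAX_ENTRIES; i++)
        if (usable(src[i])) dst[kept++] = src[i];
    return kept;
}

/* Merge stack[0] (device) up to stack[n-1] (VPN); higher index has priority.
 * Assumed policy: nameservers and searches move together, so a layer with no
 * usable nameserver contributes neither; its default domain is still taken. */
DnsConfig merge_dns(const DnsConfig *stack, size_t n) {
    DnsConfig out;
    memset(&out, 0, sizeof out);
    for (size_t i = 0; i < n; i++) {
        const char *ns[MAX_ENTRIES];
        size_t n_ns = copy_usable(ns, stack[i].nameservers, stack[i].n_nameservers);
        if (n_ns > 0) {
            memcpy(out.nameservers, ns, n_ns * sizeof ns[0]);
            out.n_nameservers = n_ns;
            out.n_searches = copy_usable(out.searches, stack[i].searches,
                                         stack[i].n_searches);
        }
        if (usable(stack[i].domain)) out.domain = stack[i].domain;
    }
    return out;
}

int main(void) {
    /* Constructed sample: device config, then a VPN that sends an empty server. */
    DnsConfig stack[2] = {
        { {"192.0.2.53"}, 1, {"home.example"}, 1, NULL },
        { {""},           1, {"corp.example"}, 1, "corp.example" },
    };
    DnsConfig m = merge_dns(stack, 2);
    printf("nameserver %s, search %s, domain %s\n",
           m.nameservers[0], m.searches[0], m.domain);
    return 0;
}
```

With this fallback, lookups keep going to the underlying device's resolver while the VPN is up, so names that only resolve inside the VPN will not be found and queries are visible to the local network's DNS server.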



