Re: VPN + dnsmasq = split dns?



On Tue, Dec 02, 2014 at 15:30:09 -0500, Mathieu Trudel-Lapierre wrote:
> On Tue, Dec 2, 2014 at 1:24 PM, Olav Morken <olavmrk gmail com> wrote:
> [...]
>>> I don't think it makes sense. Running a local DNS cache is good for
>>> other reasons as well and I don't see a reason to drop dnsmasq just
>>> because you are connected to a VPN. Or did I misunderstand? What
>>> exactly is the problem with upstream NM and could we have a bug
>>> report for it?
>>
>> Ubuntu doesn't drop dnsmasq when running on a VPN. By default, Network
>> Manager assumes that if you are running dnsmasq you want split DNS
>> with your VPN. That includes if you have a default route over your
>> VPN. Since that breaks DNS when you connect to your VPN, Ubuntu has a
>> fix for it, which involves disabling split DNS in that case. My
>> problem was that the fix wasn't complete.
>
> Actually, I wrote at least some of the patches. The intent was that it
> should work just as well if the default gateway goes through the VPN
> (i.e. no split-tunnel).
>
> If it doesn't work, that's a bug you can file on Launchpad against the
> network-manager package (but I'm going to take a good look now since I
> want to upstream these patches).

I already did:

  https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1390623

Basically, as far as I can tell, the problem is when you have both
IPv6 and IPv4, but only provide IPv4 DNS servers. The IPv4 DNS servers
were added with split DNS in my case.

Best regards,
Olav Morken
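
A check for the condition described in this thread, added here as an example and not taken from the thread or from NetworkManager: it reads dnsmasq `server=` lines and, when the VPN holds the default route, lists VPN resolvers that are only domain-scoped and default resolvers that are not on the VPN. The function names, `corp.example` and all addresses are constructed, and representing the resolver setup as `server=` lines is an assumption.

```python
import ipaddress

def parse_server(line):
    """Split a dnsmasq 'server=' line into (domains, address or None)."""
    value = line.split("=", 1)[1].strip()
    domains = []
    if value.startswith("/"):
        # server=/dom1/dom2/addr : every field before the last is a domain
        *domains, value = value[1:].split("/")
    # Drop optional '#port', '@source' and '%scope' suffixes
    addr = value.split("#")[0].split("@")[0].split("%")[0]
    return domains, (ipaddress.ip_address(addr) if addr else None)

def audit(config_text, vpn_servers, vpn_has_default_route):
    """Report resolver scoping that conflicts with a full-tunnel VPN."""
    vpn = {ipaddress.ip_address(s) for s in vpn_servers}
    scoped, default = set(), set()
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("server="):
            continue
        domains, addr = parse_server(line)
        if addr is not None:
            (scoped if domains else default).add(addr)
    report = {"vpn_scoped_only": [], "default_not_vpn": []}
    if vpn_has_default_route:
        # VPN resolvers that only answer for listed domains
        report["vpn_scoped_only"] = sorted(
            str(a) for a in (vpn & scoped) - default)
        # Resolvers handling all other names that are not VPN resolvers
        report["default_not_vpn"] = sorted(str(a) for a in default - vpn)
    return report

# Constructed sample: dual-stack host, VPN supplies only an IPv4 resolver,
# which ended up domain-scoped (the case reported in the thread).
SPLIT = """\
server=/corp.example/10.8.0.53
server=2001:db8::53
"""
# Constructed sample: the same VPN resolver installed without a domain scope.
FULL = "server=10.8.0.53\n"

if __name__ == "__main__":
    print(audit(SPLIT, ["10.8.0.53"], True))
    print(audit(FULL, ["10.8.0.53"], True))
```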

