On Wed, Mar 22, 2017 at 08:19:32PM -0400, Paul Smith wrote:
> Hi all. I'm having a problem with DNS servers over openvpn. I use
> NetworkManager to configure (via openvpn config file import) and
> start/stop the VPN.
>
> I'm using Ubuntu GNOME 16.10, with: [...]
>
> I've also enabled "nmcli general logging level TRACE" and looked at the
> journalctl logging when starting / stopping both VPN configurations and
> it all looks fine to me: for both I can see the IP address for the DNS
> server added as "50 vpn v4 tun0 : <newIP>" where my default DNS servers
> are 100. I see dnsmasq messages saying it's adding the new DNS address
> as the nameserver for all the domains.
>
> What does it mean that the local DNS service is returning REFUSED? How
> can I debug this further? Or, does anyone know how to fix it?

You can enable logging of queries in dnsmasq with:

  echo log-queries > /etc/NetworkManager/dnsmasq.d/log-queries
  killall -HUP NetworkManager

After this, you should see in the logs the queries sent by dnsmasq and the
responses from name servers.

Which dnsmasq version are you using? There was a bug in the way dnsmasq
cached sockets for queries that caused problems when the VPN interface
is recreated by the kernel with a different ifindex; see [1] [2] for more
details. This could be the cause of the problem you see.

Beniamino

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1367772
[2] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2675f2061525bc954be14988d64384b74aa7bf8b