Re: NetworkManager OpenVPN DNS returns REFUSED



On Wed, Mar 22, 2017 at 08:19:32PM -0400, Paul Smith wrote:
> Hi all.  I'm having a problem with DNS servers over openvpn.  I use
> NetworkManager to configure (via openvpn config file import) and
> start/stop the VPN.  I'm using Ubuntu GNOME 16.10, with:

[...]

> I've also enabled "nmcli general logging level TRACE" and looked at the
> journalctl logging when starting / stopping both VPN configurations and
> it all looks fine to me: for both I can see the IP address for the DNS
> server added as "50 vpn v4 tun0 : <newIP>" where my default DNS servers
> are 100.  I see dnsmasq messages saying it's adding the new DNS address
> as the nameserver for all the domains.
>
> What does it mean that the local DNS service is returning REFUSED?  How
> can I debug this further?  Or, does anyone know how to fix it?

You can enable logging of queries in dnsmasq with:

 echo log-queries > /etc/NetworkManager/dnsmasq.d/log-queries
 killall -HUP NetworkManager

After this, you should see in logs queries sent by dnsmasq and
responses from name servers.

Which dnsmasq version are you using? There was a bug in the way
dnsmasq cached sockets for queries that caused problems when the VPN
interface is recreated by kernel with a different ifindex; see [1] [2]
for more details. This could be the cause of the problem you see.

Beniamino

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1367772
[2] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=2675f2061525bc954be14988d64384b74aa7bf8b
