[Bug 1624317] Re: systemd-resolved breaks VPN with split-horizon DNS
mathew.hodson at gmail.com
Sun Sep 1 01:48:01 UTC 2019
** Description changed:
- * NetworkManager incorrectly handles dns-priority of the VPN-like
+ * NetworkManager incorrectly handles dns-priority of the VPN-like
connections, which leads to leaking DNS queries outside of the VPN into
the general internet.
- * Upstream has resolved this issue in master and 1.8 to correctly
+ * Upstream has resolved this issue in master and 1.8 to correctly
configure any dns backends with negative dns-priority settings.
- [Test Case]
- * detailed instructions how to reproduce the bug
- * these should allow someone who is not familiar with the affected
- package to reproduce the bug and verify that the updated package fixes
- the problem.
- * If this issue is changed DNS resolution will change, for certain
+ * If this issue is changed DNS resolution will change, for certain
queries, to go via VPN rather than general internet. And therefore, one
may get new/different results or even loose access to resolve/access
certain parts of the interent depending on what the DNS server on VPN
chooses to respond to.
- * Original bug report
+ * Original bug report
I use a VPN configured with network-manager-openconnect-gnome in which a
split-horizon DNS setup assigns different addresses to some names inside
the remote network than the addresses seen for those names from outside
the remote network. However, systemd-resolved often decides to ignore
the VPN’s DNS servers and use the local network’s DNS servers to resolve
names (whether in the remote domain or not), breaking the split-horizon
This related bug, reported by Lennart Poettering himself, was closed with the current Fedora release at the time reaching EOL:
You received this bug notification because you are a member of Network-
manager, which is subscribed to NetworkManager.
systemd-resolved breaks VPN with split-horizon DNS
To manage notifications about this bug go to:
More information about the ubuntu-desktop