Network manager and split DNS for a VPN?

[Karl Auer]

On Tue, 2017-04-11 at 18:46 -0400, Peter Silva wrote:
> fwiw, every time I startup a vpn connection, dns breaks, it won't
> answer any queries, so I kill dnsmasq.  Something starts it back up,
> and it's OK (resolves the internal addresses as per the vpn
> connection.)   It started a month or two ago...

Thanks.

I can resolve stuff over the VPN if I disable dnsmasq and restart NM. I
can resolve local addresses as long as either dnsmasq is running OR the
VPN is not up. As soon as the VPN comes up without dnsmasq, the
nameservers acquired over the VPN are first in /etc/resolv.conf, and my
local nameservers are never queried.

What I want is *split* DNS, so that queries for the domain at the other
end of the VPN are answered by the nameservers picked up over the VPN,
while local queries are answered by the nameservers picked up from the
local environment.

It *should* work, and dnsmasq it even *looks* as if it is doing it, but
it isn't actually working. Here is a sample bit of dnsmasq log file
after the VPN comes up:

Apr 12 04:40:36 kt dnsmasq[14038]: setting upstream servers from DBus
Apr 12 04:40:36 kt dnsmasq[14038]: using nameserver 192.168.100.54#53 for domain example.com.au
Apr 12 04:40:36 kt dnsmasq[14038]: using nameserver 192.168.100.54#53 for domain 255.52.168.192.in-addr.arpa
Apr 12 04:40:36 kt dnsmasq[14038]: using nameserver 192.168.100.54#53 for domain 168.192.in-addr.arpa
Apr 12 04:40:36 kt dnsmasq[14038]: using nameserver 192.168.100.54#53 for domain 16.172.in-addr.arpa
Apr 12 04:40:36 kt dnsmasq[14038]: using nameserver 192.168.100.54#53 for domain 17.172.in-addr.arpa
[...]

Regards, K.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B