Network manager and split DNS for a VPN?

[Xen]

Tom H schreef op 13-04-2017 7:36:

> If you're trusting NM to set up your network, including the
> nameservers. You should trust it to return accurate information about
> your network setup, including the nameservers.

Aye. Trust is a big word. Anyway, sorry for complaining.

> I thought that I'd said in my original email that previous versions of
> NM had "nm-tool". It's too bad that it was removed, although I'd have
> preferred it to be "nmtool"...

aye but your nmcli command probably also works with less parameters.

I just can't test because I don't have any NetworkManager system I think 
:p.

> The reason that dnsmasq lacks a frontend is that it's not the "full"
> package, dnsmasq, that's used by NM; it's dnsmasq-base.
> 
> dnsmasq-base installs "/usr/sbin/dnsmasq" and
> "/etc/dbus-1/system.d/dnsmasq.conf".
> 
> dnsmasq installs "/etc/dnsmasq.conf", "/etc/init.d/dnsmasq", and
> "/lib/systemd/system/dnsmasq.service".
> 
> If you use dnsmasq and resolvconf, IIRC, you can run "cat
> /run/resolvconf/resolv.conf" (or possibly "cat
> /run/dnsmasq/resolv.conf"; I don't have them installed to check,
> sorry).

Oh. Well that would be nice. So they're basically using dnsmasq as a 
plugin almost.

>> nmcli itself has a syntax I find impossible to remember.
> 
> The above is the only nmcli command that I know and use.
> 
> I remember them because
> 
> "c sh" is short for "connection show" and is similar to ip's "a
> sh"/address show".

Okay so they modelled it on that. For some reason "ip" is not as hard to 
remember, although I sometimes get lost in the confusion of "ip table 
show second" or "ip show table second" and stuff like that ;-).

> "-f" stands for "field(s)". I sometimes type "ipv4" rather than "IP4"
> for the first one and then realize that I've screwed up...
> 
> I prefer the "uuid ... UUID" version because they correspond, whereas
> in the "id ... NAME" I have to remember that the output of "NAME" is
> the input of "id".

Well all of that just goes to show how unusable it is.

Not saying, for instance, that's easy in MS Windows. You have some netsh 
command that is equally impossible to remember.

In Windows it would be

netsh interface ipv4 show dnsservers

But I would much rather have it show with "ipconfig", same as 
"ifconfig". Ifconfig in Linux is just a nice informative tool, even if 
it is "deprecated".

Well, enough.

>> I once suggested they turn nmcli into a graphical tool and then
>> perfect the interface of the graphical tool and then use that to
>> inform any changes to nmcli, in the sense of having a secondary thing
>> to work on that doesn't have to "be" anything yet.
>> 
>> Turns out they already had one. Or were thinking of one.
> 
> I don't understand.
> 
> There's also "nmtui" but it's not the same thing as "nmcli". The GUI
> tools are "nm-applet" and "nm-connection-editor".

I think I meant nmtui.

I think the nmcli hierarchy is just so complex that I thought they 
should use something else (as a secondary) to evolve the command 
structure in a GUI (ncurses) and then when they are content with that 
and it is very usable, use that to inform changes to nmcli.

Then you don't have to change anything until you are completely 
comfortable with that.

nmcli will never be changed incrementally.

Well.

>> The NetworkManager people are really quite responsive and helpful and
>> they are one of the few teams I have ever seen that conduct surveys as
>> to their popularity and user-friendliness in that sense.
> 
> I only "know" the lead developer, Dan Williams. I've never dealt with
> him directly but I've noticed in various posts that he's helpful and
> open to suggestions and requests in spite of all of the NM bashing.

Yes, this is the IRC channel headline:

"Stop by and bitch, moan, rave, flame, suggest, request, patch, anything 
you like."

So they are really just quite chill about it.