5

Ubuntu 15.10 and dns=dnsmasq is commented out in /etc/NetworkManager/NetworkManager.conf

Before I connect to a VPN /etc/resolv.conf contains

    nameserver 2xx.xx.xx.xx  <-- ISP DNS 1
    nameserver 2xx.xx.xx.xx  <-- ISP DNS 2

after a VPN connection /etc/resolv.conf contains

    nameserver 1xx.xx.xx.xx  <-- VPN DNS 1
    nameserver 1xx.xx.xx.xx  <-- VPN DNS 2
    nameserver 2xx.xx.xx.xx  <-- ISP DNS 1

The regular wired connection and the VPN have DNS servers set in network manager with automatic (only addresses). The ISP server shouldn't be there at all. What else can I change? (removing dns=dnsmasq was one change to stop split DNS).

1 Answer

0

NetworkManager can either:

  • update resolv.conf itself;

  • delegate to resolvconf (for the NetworkManager interface);

  • or use netconfig.

The different configurations coming from each interface are simply aggregated (see update_dns()).

If you do not use NetworkManager for the VPN, you might use openresolv exclusive mode (-x) in order to override the nameservers from NetworkManager with the ones from the VPN instead of adding them. This can be done with this (ugly) script (OpenVPN hook):

    #!/bin/sh

    # Dump all foreign options (coming from environment variables
    # foreign_option_N) to stdout
    foreign_options() {
      local i
      i=1
      while true; do
        local varname=foreign_option_$i
        local value="$(eval echo \$$varname)"
        if [ -z "$value" ]; then
          return
        fi
        echo "$value"
        i=$((i+1))
      done
    }

    # Create a resolv.conf file from OpenVPN environment variables
    create_resolvconf() {
      foreign_options |
        grep "^dhcp-option DNS " |
        sed "s/^dhcp-option DNS /nameserver /"
    }

    # Register the VPN nameservers as exclusive (-x) for the tunnel device
    route_up() {
      create_resolvconf | resolvconf -x -a "$dev"
    }

    # Drop the tunnel device's DNS configuration again
    down() {
      resolvconf -d "$dev"
    }

    case "$script_type" in
      route-up)
        route_up "$@"
        ;;
      down)
        down "$@"
        ;;
    esac

You should be able to adapt this to be used as a NetworkManager dispatcher script (see man 8 NetworkManager) using:

  • VPN_IP4_NAMESERVERS
  • VPN_IP6_NAMESERVERS

I didn't test it but something like this should do the trick:

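    #!/bin/sh

    # Build resolv.conf lines from the nameservers pushed by the VPN
    create_resolvconf() {
      for ip in $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS; do
        echo "nameserver $ip"
      done
    }

    # Register the VPN nameservers as exclusive (-x) for the VPN interface
    up() {
      create_resolvconf | resolvconf -x -a "$VPN_IP_IFACE"
    }

    down() {
      resolvconf -d "$VPN_IP_IFACE"
    }

    # Nothing to do for events that do not concern a VPN interface
    if [ -z "$VPN_IP_IFACE" ]; then
      exit 0
    fi

    # $2 is the dispatcher action; VPN events arrive as vpn-up / vpn-down
    case "$2" in
      up|vpn-up)
        up
        ;;
      down|vpn-down)
        down
        ;;
    esac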
4
  • 1
    Thanks for the detailed reply. The dispatcher script causes an error in syslog: "resolvconf: Error: Command not recognized", "Usage: resolvconf (-d IFACE|-a IFACE|-u|--enable-updates|--disable-updates|--updates-are-enabled)". I think it might not be recognizing the -x, as that option does not appear in man resolvconf. Commented Feb 22, 2016 at 1:02
  • 1
    @user157600, The -x option needs openresolv instead of resolvconf. Commented Feb 22, 2016 at 1:26
  • Fixed openresolv. Now I have 2 VPN and 2 ISP DNS servers in resolv.conf. Previously it was 2 VPN and 1 DNS. I do appreciate the attempt to help, but this is way out of my level of understanding of these things. I hope there can be a simpler solution somewhere. Commented Feb 22, 2016 at 2:31
  • 1
    Given that you are in control of effective dns usage, when vpn is up you may DNAT dns ports to desired nameserver in order to override local configuration Commented Feb 17, 2020 at 7:56
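
A check for the symptom described in the question (ISP resolvers still listed in /etc/resolv.conf while the VPN is up), added here as an example and not part of the original thread. The function name `leaked_nameservers` and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report every nameserver in a
# resolv.conf-style file that is NOT one of the expected VPN resolvers.

# leaked_nameservers FILE ALLOWED...
# Prints one unexpected nameserver per line.
# Returns 0 if none were found, 1 if at least one was, 2 if FILE is unreadable.
# Note: plain POSIX sh, so the helper variables below are global.
leaked_nameservers() {
    file=$1
    shift
    [ -r "$file" ] || return 2
    leaks=0
    # awk drops "#"/";" comments (also trailing ones) and prints the
    # address field of each remaining "nameserver" line.
    for ns in $(awk '{ sub(/[#;].*/, "") }
                     $1 == "nameserver" && $2 != "" { print $2 }' "$file"); do
        ok=0
        for allowed in "$@"; do
            if [ "$ns" = "$allowed" ]; then
                ok=1
            fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "$ns"
            leaks=1
        fi
    done
    return "$leaks"
}

# Constructed sample mirroring the state in the question: two VPN resolvers
# followed by one leftover ISP resolver (documentation addresses, RFC 5737).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Generated by NetworkManager
nameserver 192.0.2.53
nameserver 192.0.2.54
nameserver 198.51.100.1   # ISP resolver still present
EOF
leaked_nameservers "$sample" 192.0.2.53 192.0.2.54 ||
    echo "unexpected resolver(s) listed above" >&2
rm -f "$sample"
```

Called from the `up` branch of a dispatcher script with `/etc/resolv.conf` and the contents of `$VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS` as arguments, a non-zero return shows that the exclusive registration did not take effect.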
