DNS configuration with VPNs and Ubuntu 17.04: working again

I must have hit this bug on the upgrade from 16.10 to 17.04.

Result: DNS queries not working if not using FQDNs for my VPNs.

Time to find a workaround and so here’s my new configuration (note: see the update part at the end of the post).

Before you go on: if you try this, you will lose DNS resolution before you finish this setup. This will break your connections. So, ensure that you are able to roll-back all the changes or don’t do this.

First, I got rid of the systemd-resolved service:

sudo systemctl disable systemd-resolved.service

And resolvconf along with it:

sudo systemctl disable resolvconf.service

Then I installed openresolv:

sudo apt install openresolv

At this point /etc/resolv.conf should not anymore be a link, but a real file. Remove the link so that NetworkManager will recreate a file at /etc/resolv.conf:

sudo unlink /etc/resolv.conf

I then ensured that NetworkManager was using dnsmasq for dns, that is, this line must be uncommented and present in /etc/NetworkManager/NetworkManager.conf:

dns=dnsmasq

Using NetworkManager itself for DNS resolution will also work (dns=default), but then you will hit the limit of resolv.conf (i.e. max. 3 nameservers will work).

Then, restart NetworkManager:

sudo systemctl restart NetworkManager

With this configuration search domains and nameservers work as expected and they can be configured in the NetworkManager GUI.

For more details about NetworkManager: https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html.

UPDATE: 09 Aug 2017

Since one of the VPNs was misconfigured and it was sending wrong nameserver information, I took this even more drastically and decided to manually manage the DNS setup via dnsmaq.

In addition to the above, I then uninstalled openresolve, and set

dns=none

in /etc/NetworkManager/NetworkManager.conf to get full control over /etc/resolv.conf.

I installed dnsmasq and configured the nameservers for the domains there, e.g.:

server=8.8.8.8
server=/example.domain/1.1.1.1

with a plain and simple resolv.conf:

search example.domain
nameserver 127.0.0.1

This setup requires some maintenance if I have to add new VPNs or change the nameservers for the existing ones, but at least it should be stable!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s