Setting DNS servers for systemd-resolved doesn't work as expected. #35

Open
HeikoSchlittermann opened this issue Sep 12, 2021 · 0 comments

Comments

@HeikoSchlittermann
Contributor

What did I expect: After connection establishment I expected to find the DNS server provided by the VPN peer associated with the VPN interface, either for all domains, or for domains I configured in config.yaml.

The following output was created on a Debian 11 system, using systemd-resolved for name resolution:

# /etc/resolv.conf
nameservers 127.0.0.53
search wdf.sap.corp

The config.yaml doesn't configure anything about resolv handling.

Output of starting the VPN:

021/09/12 12:08:09 id: 1, id2: 3, Local IPv4 not acknowledged: 10.16.48.174
2021/09/12 12:08:09 id: 1, id2: 3, Local IPv4 acknowledged: 10.16.48.174
2021/09/12 12:08:09 Using wireguard module to create tunnel
2021/09/12 12:08:09 Created tun0 interface
2021/09/12 12:08:09 Detected systemd-resolved
2021/09/12 12:08:09 Forwarding all DNS requests to ["10.17.122.10" "10.17.121.30"]
2021/09/12 12:08:09 Setting routes on tun0 interface
2021/09/12 12:08:09 Applying routes, pushed from F5 VPN server

Now I expected from running resolvectl that my search domain and the nameservers are associated with the tun0 link. But, running resolvectl shows:

Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
Fallback DNS Servers: 9.9.9.9
          DNS Domain: wdf.sap.corp

Link 2 (ens3)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.122.1
       DNS Servers: 192.168.122.1

Link 8 (tun0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Once I manually issue

root@ntt:~# resolvectl domain tun0 wdf.sap.corp
root@ntt:~# resolvectl dns tun0 10.17.122.10 10.17.121.30

I get the expected output from running resolvectl:

Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
Fallback DNS Servers: 9.9.9.9
          DNS Domain: wdf.sap.corp

Link 2 (ens3)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.122.1
       DNS Servers: 192.168.122.1

Link 8 (tun0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 10.17.122.10 10.17.121.30
    DNS Domain: wdf.sap.corp

What am I missing?
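
A post-connect check for the condition described in this report, added here as an example (not code from this project or from the reporter): it parses `resolvectl` output and lists what a link is missing among DNS scope, servers and domain. The function names and the abridged sample input are constructed for illustration.

```python
import re

# Constructed sample, abridged from the report: tun0 before/after the manual resolvectl calls.
HEAD = """\
Global
          DNS Domain: wdf.sap.corp

Link 2 (ens3)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       DNS Servers: 192.168.122.1

"""
BEFORE = HEAD + "Link 8 (tun0)\nCurrent Scopes: LLMNR/IPv4 LLMNR/IPv6\n"
AFTER = HEAD + """\
Link 8 (tun0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
   DNS Servers: 10.17.122.10 10.17.121.30
    DNS Domain: wdf.sap.corp
"""
FIELD = re.compile(r"\s*([A-Za-z][\w. ]*):(?:\s+(.*))?$")

def parse_links(text):
    """Return {ifname: {field: [values]}}; the Global section is ignored."""
    links, cur, key = {}, None, None
    for line in text.splitlines():
        head = re.match(r"Link \d+ \((\S+)\)$", line.strip())
        field = FIELD.match(line)
        if head:
            cur, key = links.setdefault(head.group(1), {}), None
        elif cur is not None and field:
            key = field.group(1).strip()
            cur[key] = (field.group(2) or "").split()
        elif cur is not None and key and line.strip():
            cur[key] += line.split()  # wrapped continuation of a long list
    return links

def check_link(text, ifname, servers, domain):
    """List what is missing on ifname; an empty list means it is configured."""
    link = parse_links(text).get(ifname)
    if link is None:
        return [f"link {ifname} not found"]
    problems = []
    if "DNS" not in link.get("Current Scopes", []):
        problems.append("no DNS scope")
    missing = [s for s in servers if s not in link.get("DNS Servers", [])]
    if missing:
        problems.append("missing servers: " + " ".join(missing))
    if domain not in [d.lstrip("~") for d in link.get("DNS Domain", [])]:
        problems.append("missing domain: " + domain)
    return problems
```

On a live system, pass the text printed by `resolvectl status` as `text`. A non-empty result for the tunnel link means queries for the VPN's domain are still answered by the resolver of another link.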
