Can confirm: #82 does the trick. Thanks Nicholas, you're awesome!

Let's hope this goes into 17.04 release or at least in zesty-updates.

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.

  systemd-resolved breaks VPN with split-horizon DNS

Status in NetworkManager:
Status in network-manager package in Ubuntu:
Status in network-manager source package in Zesty:
Status in network-manager source package in Artful:

Bug description:

   * NetworkManager incorrectly handles dns-priority of the VPN-like
  connections, which leads to leaking DNS queries outside of the VPN
  into the general internet.

   * Upstream has resolved this issue in master and 1.8 to correctly
  configure any dns backends with negative dns-priority settings.

  [Test Case]


   * detailed instructions how to reproduce the bug

   * these should allow someone who is not familiar with the affected
     package to reproduce the bug and verify that the updated package fixes
     the problem.


  [Regression Potential]

   * If this issue is changed DNS resolution will change, for certain
  queries, to go via VPN rather than general internet. And therefore,
  one may get new/different results or even loose access to
  resolve/access certain parts of the interent depending on what the DNS
  server on VPN chooses to respond to.

  [Other Info]
   * Original bug report

  I use a VPN configured with network-manager-openconnect-gnome in which
  a split-horizon DNS setup assigns different addresses to some names
  inside the remote network than the addresses seen for those names from
  outside the remote network.  However, systemd-resolved often decides
  to ignore the VPN’s DNS servers and use the local network’s DNS
  servers to resolve names (whether in the remote domain or not),
  breaking the split-horizon DNS.

  This related bug, reported by Lennart Poettering himself, was closed with the 
current Fedora release at the time reaching EOL:

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to