----- Original Message ----- > From: "Mathieu Trudel-Lapierre" <[email protected]> > To: "Olav Morken" <[email protected]> > Cc: "Pavel Simerda" <[email protected]>, "ML NetworkManager" > <[email protected]>, "Tomas Hozza" > <[email protected]> > Sent: Tuesday, December 2, 2014 9:30:09 PM > Subject: Re: VPN + dnsmasq = split dns? > > On Tue, Dec 2, 2014 at 1:24 PM, Olav Morken <[email protected]> wrote: > [...] > >> I don't think it makes sense. Running a local DNS cache is good for > >> other reasons as well and I don't see a reason to drop dnsmasq just > >> because you are connected to a VPN. Or did I misunderstand? What > >> exactly is the problem with upstream NM and could we have a bug > >> report for it? > > > > Ubuntu doesn't drop dnsmasq when running on a VPN. By default, Network > > Manager assumes that if you are running dnsmasq you want split DNS > > with your VPN. That includes if you have a default route over your > > VPN. Since that breaks DNS when you connect to your VPN, Ubuntu has a > > fix for it, which involves disabling split DNS in that case. My > > problem was that the fix wasn't complete. > > > > Actually, I wrote at least some of the patches. The intent was that it > should work just as well if the default gateway goes through the VPN > (ie. no split-tunnel). > > If it doesn't work, that's a bug you can file on Launchpad against the > network-manager package (but I'm going to take a good look now since I > want to upstream these patches). > > > I certainly think that the "split DNS with default route"-problem > > would be something that should probably be fixed in Network Manager as > > well, unless dnsmasq is only supposed to be used with split DNS. If I > > understand correctly dnsmasq is the only DNS backend that implements > > split DNS with Network Manager at the moment, but if any others > > implemented it, they would probably need the same fix. > > Indeed.
For now. With new versions of NetworkManager, unbound and dnssec-trigger, there will also be the unbound DNS backend with extended DNSSEC capabilities. Cheers, Pavel > > > Mathieu Trudel-Lapierre <[email protected]> > Freenode: cyphermox, Jabber: [email protected] > 4096R/EE018C93 1967 8F7D 03A1 8F38 732E FF82 C126 33E1 EE01 8C93 > _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
