** Description changed:

- On my Nexus 4, build 121 with TMobile, when I am on wifi, I correctly get a 
192.168 ip and DNS entries for this network (on wlan0) -- fine. When I am in 
range of cellular data, I get an ip address from TMobile and am given DNS 
entries that aren't on the same network as the TMobile ip address (on 
rmnet_usb0). The problem is, the DNS entries from TMobile are preferred over 
the ones from the wifi network such that while wlan0 is correctly setup as the 
default route, DNS queries are being made to the TMobile DNS servers over wlan0 
because there are no explicit routes to these servers. This is problematic 
because the remote DNS server may not respond to queries coming from out of 
network or site policy may disallow the use of foreign DNS servers-- both of 
which result in slow (or possibly failing) DNS queries since the cellular DNS 
is checked first. Also, where it did work, these queries could incur charges 
when the user is intending to use only wifi. This could be fixed in (at least) 
four ways:
-  1) when on wifi, don't merge the DNS servers on cellular networks at all 
which forces the device to use the ones available on the site (wlan0). This is 
guaranteed to not incur changes
-  2) when on wifi, merge the DNS server from the cellular network, but add 
them after the ones on the wifi network. This will try the site's DNS first and 
only if they fail, fallback to the cellular DNS. This may incur charges under 
certain circumstances
-  3) add an explicit route to the cellular DNS servers through rmnet_usb0. 
This will bypass the site DNS with all queries going through cellular DNS. This 
will incur charges and would make the device unable to resolve site-local names.
-  4) same as '2', but also add explicit routes for the cellular name servers. 
This should only incur charges if wifi DNS fails
+ On my Nexus 4, build 121 with TMobile, when I am on wifi, I correctly
+ get a 192.168 ip and DNS entries for this network (on wlan0) -- fine.
+ When I am in range of cellular data, I get an ip address from TMobile
+ and am given DNS entries that aren't on the same network as the TMobile
+ ip address (on rmnet_usb0). The problem is, the DNS entries from TMobile
+ are preferred over the ones from the wifi network such that while wlan0
+ is correctly setup as the default route, DNS queries are being made to
+ the TMobile DNS servers over wlan0 because there are no explicit routes
+ to these servers. This is problematic because the remote DNS server may
+ not respond to queries coming from out of network or site policy may
+ disallow the use of foreign DNS servers-- both of which result in slow
+ (or possibly failing) DNS queries since the cellular DNS is checked
+ first. Also, where it did work, these queries could incur charges when
+ the user is intending to use only wifi. In the case of (at least)
+ TMobile, this could be a security concern because the well-known TMobile
+ DNS servers are on the private '10.' network, which opens the
+ possibility for a rogue DNS server to be on the private wifi network
+ with this ip address.
+ 
+ This could be fixed in (at least) four ways:
+  1) when on wifi, don't merge the DNS servers on cellular networks at all 
which forces the device to use the ones available on the site (wlan0). This is 
guaranteed to not incur changes
+  2) when on wifi, merge the DNS server from the cellular network, but add 
them after the ones on the wifi network. This will try the site's DNS first and 
only if they fail, fallback to the cellular DNS. This may incur charges under 
certain circumstances
+  3) add an explicit route to the cellular DNS servers through rmnet_usb0. 
This will bypass the site DNS with all queries going through cellular DNS. This 
will incur charges and would make the device unable to resolve site-local names.
+  4) same as '2', but also add explicit routes for the cellular name servers. 
This should only incur charges if wifi DNS fails
  
  I think '3' is out. '2' and '4' seems most intuitive (with '4' perhaps
  most correct). '1' seems also ok.
  
  # netstat -rn
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
  0.0.0.0         192.168.x.1     0.0.0.0         UG        0 0          0 wlan0
  100.152.35.128  0.0.0.0         255.255.255.252 U         0 0          0 
rmnet_usb0
  192.168.x.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
  
-  Jan 17 07:36:38 ubuntu-phablet NetworkManager[1130]: <info> Auto-activating 
connection '/310260575949457/context1'.
+  Jan 17 07:36:38 ubuntu-phablet NetworkManager[1130]: <info> Auto-activating 
connection '/310260575949457/context1'.
  Jan 17 07:36:38 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) starting connection '/310260575949457/context1'
  Jan 17 07:36:38 ubuntu-phablet NetworkManager[1130]: <info> (/ril_0): device 
state change: disconnected -> prepare (reason 'none') [30 40 0]
  Jan 17 07:36:38 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 1 of 5 (Device Prepare) scheduled...
  Jan 17 07:36:38 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 1 of 5 (Device Prepare) started...
  Jan 17 07:36:38 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 1 of 5 (Device Prepare) complete.
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> (/ril_0): IPv4 
static configuration:
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info>   address 
100.152.35.130/30
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info>   DNS 10.177.0.34
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info>   DNS 
10.168.183.116
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 2 of 5 (Device Configure) scheduled...
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 2 of 5 (Device Configure) starting...
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> (/ril_0): device 
state change: prepare -> config (reason 'none') [40 50 0]
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 2 of 5 (Device Configure) successful.
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 3 of 5 (IP Configure Start) scheduled.
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 2 of 5 (Device Configure) complete.
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 3 of 5 (IP Configure Start) started...
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> (/ril_0): device 
state change: config -> ip-config (reason 'none') [50 70 0]
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 5 of 5 (IPv4 Configure Commit) scheduled...
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 4 of 5 (IPv6 Configure Timeout) scheduled...
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 3 of 5 (IP Configure Start) complete.
  Jan 17 07:36:41 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 5 of 5 (IPv4 Commit) started...
  Jan 17 07:36:42 ubuntu-phablet NetworkManager[1130]: <info> (/ril_0): device 
state change: ip-config -> secondaries (reason 'none') [70 90 0]
  Jan 17 07:36:42 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 5 of 5 (IPv4 Commit) complete.
  Jan 17 07:36:42 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 4 of 5 (IPv6 Configure Timeout) started...
  Jan 17 07:36:42 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) Stage 4 of 5 (IPv6 Configure Timeout) complete.
  Jan 17 07:36:42 ubuntu-phablet NetworkManager[1130]: <info> (/ril_0): device 
state change: secondaries -> activated (reason 'none') [90 100 0]
  Jan 17 07:36:42 ubuntu-phablet NetworkManager[1130]: <info> Writing DNS 
information to /sbin/resolvconf
  Jan 17 07:36:42 ubuntu-phablet dnsmasq[2189]: setting upstream servers from 
DBus
  Jan 17 07:36:42 ubuntu-phablet dnsmasq[2189]: using nameserver 
10.168.183.116#53
  Jan 17 07:36:42 ubuntu-phablet dnsmasq[2189]: using nameserver 10.177.0.34#53
  Jan 17 07:36:42 ubuntu-phablet dnsmasq[2189]: using nameserver 192.168.x.x#53
  Jan 17 07:36:42 ubuntu-phablet dnsmasq[2189]: using nameserver 
208.67.222.222#53
  Jan 17 07:36:42 ubuntu-phablet dnsmasq[2189]: using nameserver 
208.67.220.220#53
  Jan 17 07:36:42 ubuntu-phablet NetworkManager[1130]: <info> Activation 
(/ril_0) successful, device activated.
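
Review bot: the added security paragraph ("the well-known TMobile DNS servers are on the private '10.' network") is not carried through to the four options below it, which are still weighed only by charges and site-local name resolution. Going by the routing table in this description, which has no route to the 10. servers through rmnet_usb0, option 2 would still send fallback queries for 10.177.0.34 and 10.168.183.116 out through wlan0, while options 1, 3 and 4 either drop those servers on wifi or pin them to rmnet_usb0; suggest stating this per option. Option 1 also still reads "guaranteed to not incur changes", where "charges" looks intended.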

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1270189

Title:
  Ubuntu Touch devices are using cellular DNS servers over wifi
  connection

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1270189/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
