I've updated the description for the SRU, but if someone had a better
description of a testcase that would be welcome.

** Description changed:

+ * Impact
+ 
+ When using a VPN the DNS requests might still be sent to a DNS server
+ outside the VPN when they should not
+ 
+ * Test case
+ 
+ Configure the system to send all the traffic to a VPN, do a name
+ resolution, the request should not go to the public DNS server (to be
+ checked by capturing the traffic by example with wireshark)
+ 
+ 
+ * Regression potential
+ 
+ The code change the handling of DNS servers when using a VPN, we should
+ check that name resolution still work whne using a VPN in different
+ configurations
+ 
+ -----------------
+ 
+ 
  In 16.04 the NetworkManager package used to carry this patch:
  
http://bazaar.launchpad.net/~network-manager/network-manager/ubuntu/view/head:/debian/patches/Filter-DNS-servers-to-add-to-dnsmasq-based-on-availa.patch
  
  It fixed the DNS setup so that when I'm on the VPN, I am not sending
  unencrypted DNS queries to the (potentially hostile) local nameservers.
  
  This patch disappeared in an update. I think it was present in
  1.2.2-0ubuntu0.16.04.4 but was dropped some time later.
  
  This security bug exists upstream too: 
https://bugzilla.gnome.org/show_bug.cgi?id=746422
  It's not a *regression* there though, as they didn't fix it yet 
(unfortunately!)
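
Review bot: the added "* Test case" section does not say where the capture is taken or what result counts as a pass, so two testers could reach different verdicts from the same run. Suggest naming the capture point as the physical (non-VPN) interface, filtering on DNS traffic (port 53), and stating the pass condition explicitly: while the VPN carrying all traffic is up, no query for the resolved name is seen on that interface going to the local or public nameserver. The "* Regression potential" section asks for checks "in different configurations" without listing any; naming the configurations to retest would make the SRU verification repeatable. In the same section, "whne" should read "when".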

https://bugs.launchpad.net/bugs/1754671

Title:
  Full-tunnel VPN DNS leakage regression
