gof5

Setting DNS servers for systemd-resolved doesn't work as expected.

Open HeikoSchlittermann opened this issue 3 years ago • 0 comments

What did I expect: After connection establishment I expected to find the DNS server provided by the VPN peer associated with the VPN interface, either for all domains, or for domains I configured in config.yaml.

The following output was created on a Debian 11 system, using systemd-resolved for name resolution:

# /etc/resolv.conf
nameservers 127.0.0.53
search wdf.sap.corp

The config.yaml doesn't configure anything about resolv handling.

Output of starting the VPN:

2021/09/12 12:08:09 id: 1, id2: 3, Local IPv4 not acknowledged: 10.16.48.174
2021/09/12 12:08:09 id: 1, id2: 3, Local IPv4 acknowledged: 10.16.48.174
2021/09/12 12:08:09 Using wireguard module to create tunnel
2021/09/12 12:08:09 Created tun0 interface
2021/09/12 12:08:09 Detected systemd-resolved
2021/09/12 12:08:09 Forwarding all DNS requests to ["10.17.122.10" "10.17.121.30"]
2021/09/12 12:08:09 Setting routes on tun0 interface
2021/09/12 12:08:09 Applying routes, pushed from F5 VPN server

Now I expected from running resolvectl that my search domain and the nameservers are associated with the tun0 link. But, running resolvectl shows:

Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
Fallback DNS Servers: 9.9.9.9
          DNS Domain: wdf.sap.corp

Link 2 (ens3)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.122.1
       DNS Servers: 192.168.122.1

Link 8 (tun0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Once I manually issue

root@ntt:~# resolvectl domain tun0 wdf.sap.corp
root@ntt:~# resolvectl dns tun0 10.17.122.10 10.17.121.30

I get the expected output from running resolvectl:

Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
Fallback DNS Servers: 9.9.9.9
          DNS Domain: wdf.sap.corp

Link 2 (ens3)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.122.1
       DNS Servers: 192.168.122.1

Link 8 (tun0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 10.17.122.10 10.17.121.30
    DNS Domain: wdf.sap.corp

What am I missing?

HeikoSchlittermann, Sep 12 '21 10:09
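
A check for the state reported above, added here as an example (it is not part of the original issue or of gof5's code): it parses `resolvectl status` output and reports whether a link actually received the DNS scope and DNS servers, which is worth verifying after connecting because a tunnel link without them leaves lookups on the non-VPN link's resolver. The function name `link_dns_state` is hypothetical, and the embedded samples are the tun0 sections posted in the issue, shortened.

```shell
#!/bin/sh
# Added example (not gof5 code): report whether a link received DNS settings
# in systemd-resolved, reading `resolvectl status` output from stdin.
# Prints "configured", "missing" (link exists, no DNS scope or servers)
# or "no-such-link".
link_dns_state() {
    awk -v ifname="$1" '
        /^Global$/ || /^Link [0-9]+ \(.*\)$/ {   # section header
            name = $0
            sub(/^Link [0-9]+ \(/, "", name); sub(/\)$/, "", name)
            in_link = (name == ifname)
            if (in_link) seen = 1
            next
        }
        !in_link { next }
        {   # split "Key: value" and trim the key
            key = $0; sub(/:.*/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        }
        key == "Current Scopes" {
            n = split(val, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "DNS") scope = 1
        }
        key == "DNS Servers" && val != "" { servers = 1 }
        END {
            if (!seen) print "no-such-link"
            else if (scope && servers) print "configured"
            else print "missing"
        }'
}

# Sections as posted in the issue (shortened): before and after the manual fix.
BEFORE='Link 2 (ens3)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       DNS Servers: 192.168.122.1

Link 8 (tun0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported'
AFTER='Link 8 (tun0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
   DNS Servers: 10.17.122.10 10.17.121.30
    DNS Domain: wdf.sap.corp'

printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | link_dns_state tun0)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | link_dns_state tun0)"
```

On a live system the same function can be fed directly: `resolvectl status | link_dns_state tun0`.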