On 2023-02-24 10:27, to...@tuxteam.de wrote:
On Fri, Feb 24, 2023 at 10:19:38AM +0100, daven...@tuxfamily.org wrote:
[...]
However, I didn't notice any vnpc_script malfunction. It does what it
is
expected to do. I'm like 99% sure the problem is dhclient deleting and
recreating /etc/resolv.conf as it sees fit, multiple times a day, and
deleting whatever vpnc_script has put in that file.
Instead of 99% suspicions you could just look into your
/var/log/syslog:
dhclient does leave enough traces there. Bonus point if you correlate
these timestamps with your resolv.conf mod time :-)
Cheers
Goode point. Thank you for the reminder :)
I do only partial week remote work, been in the office the last days.
So in order for the problem to happen again, I need to wait monday, only
then I might dig into the log files.
The thing is: at first, I didn't suspect dhclient until recently (after
I started this thread) so I need to wait for the next remote work day.
During my last days of remote work, I just used auditd to see if I can
see process name when the file is deleted/recreated.
The event was captured by auditd but the process name was missing from
the audit.log file, so I had no idea what's to look for., in which log
file(s).
I'm still sure it isn't vpnc_script. vpnc_script leaves identification
comments on the file
And dhclient is more like to know only about what my home's DHCP tells
it, than my work's place DNS resolver, that's why I suspect dhclient.
BUT I will make sure to take some time to dig into the logs monday. Now
that I have an idea what I'm looking for, totally agree logs are better
than suspicion
