On Thu, 2020-09-10 at 10:28 +0000, Mikhail Gavrilov wrote: > From here https://bugzilla.redhat.com/show_bug.cgi?id=1863041#c46 I > have expected what newly-created connection would work properly > without manually changing ipv4.dns-search to ~. on the specific VPN > connection.
Hi,
I think you need
nmcli connection modify "$VPN_PROFILE" +ipv4.dns-search "~."
It doesn't matter whether you newly create a profile. What only matters
are the settings (the content) of the connection profile, as you see it
with `nmcli connection show "$PROFILE"`. Now how you created it.
You have a wrong configuration ("wrong" least with respect to how
NetworkManager currently behaves):
- with split DNS enabled
- the VPN has DNS servers configured (either manually or pushed by
server).
- a VPN profile that has no search domains (neither manually nor
pushed by server)
- the VPN is not configured to route all traffic.
Consequently, that DNS server isn't gonna get used.
There is a possibility that NetworkManager could improve to
automatically add the search domain "~." in such cases. But until that
is happens, you have to adjust your connection profile (or your VPN
server to announce the proper search domain).
https://bugzilla.redhat.com/show_bug.cgi?id=1863041#c49
Without systemd-resolved (without split DNS support), NetworkManager
behaves differently because it configures all DNS servers in
/etc/resolv.conf -- regardless of the search domains. That's why
switching to systemd-resolved breaks your previously working setup. In
the end, the behavior is different whether split-DNS or not is enabled,
so this might just be expected, albeit it's very unfortunate to break
previously working setups.
best,
Thomas
signature.asc
Description: This is a digitally signed message part
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
