@ Nicholas Stommel (nstommel) Could you please help to update the bug description SRU template to fix this issue in 17.04? I do not fully understand the issue at hand, but I do have access to VPN and can set VPN setting in Netowrk Manager to route all traffic through VPN. After doing that, I should check dns-leak website?! to make sure all responses come from the VPN's DNS server rather than my ISP/public DNS servers? A write up of easy steps would be nice like: 1) check dns leak website, record dns servers 2) connect to vpn 3) check dns leak website again
expected: servers in #3 should be behind vpn, and different from public dns servers listed in #1. Or some such. Would you be able to distill testcase steps into easy steps that anybody with a VPN connection setup via network manager can reproduce? This way we will be able to validate this issue and release a stable release update. ** Description changed: + [Impact] + + * NetworkManager incorrectly handles dns-priority of the VPN-like + connections, which leads to leaking DNS queries outside of the VPN into + the general internet. + + * Upstream has resolved this issue in master and 1.8 to correctly + configure any dns backends with negative dns-priority settings. + + [Test Case] + + #FIXME# + + * detailed instructions how to reproduce the bug + + * these should allow someone who is not familiar with the affected + package to reproduce the bug and verify that the updated package fixes + the problem. + + #FIXME# + + [Regression Potential] + + * If this issue is changed DNS resolution will change, for certain + queries, to go via VPN rather than general internet. And therefore, one + may get new/different results or even loose access to resolve/access + certain parts of the interent depending on what the DNS server on VPN + chooses to respond to. + + [Other Info] + + * Original bug report + I use a VPN configured with network-manager-openconnect-gnome in which a split-horizon DNS setup assigns different addresses to some names inside the remote network than the addresses seen for those names from outside the remote network. However, systemd-resolved often decides to ignore the VPN’s DNS servers and use the local network’s DNS servers to resolve names (whether in the remote domain or not), breaking the split-horizon DNS. This related bug, reported by Lennart Poettering himself, was closed with the current Fedora release at the time reaching EOL: https://bugzilla.redhat.com/show_bug.cgi?id=1151544 ** Changed in: network-manager (Ubuntu Zesty) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1624317 Title: systemd-resolved breaks VPN with split-horizon DNS Status in NetworkManager: Unknown Status in network-manager package in Ubuntu: Confirmed Status in network-manager source package in Zesty: Confirmed Status in network-manager source package in Artful: Confirmed Bug description: [Impact] * NetworkManager incorrectly handles dns-priority of the VPN-like connections, which leads to leaking DNS queries outside of the VPN into the general internet. * Upstream has resolved this issue in master and 1.8 to correctly configure any dns backends with negative dns-priority settings. [Test Case] #FIXME# * detailed instructions how to reproduce the bug * these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. #FIXME# [Regression Potential] * If this issue is changed DNS resolution will change, for certain queries, to go via VPN rather than general internet. And therefore, one may get new/different results or even loose access to resolve/access certain parts of the interent depending on what the DNS server on VPN chooses to respond to. [Other Info] * Original bug report I use a VPN configured with network-manager-openconnect-gnome in which a split-horizon DNS setup assigns different addresses to some names inside the remote network than the addresses seen for those names from outside the remote network. However, systemd-resolved often decides to ignore the VPN’s DNS servers and use the local network’s DNS servers to resolve names (whether in the remote domain or not), breaking the split-horizon DNS. This related bug, reported by Lennart Poettering himself, was closed with the current Fedora release at the time reaching EOL: https://bugzilla.redhat.com/show_bug.cgi?id=1151544 To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/1624317/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
