[Dnssec-trigger] [Bug] incorrect DNS servers are used when network-manager connects to VPN

Ralf Jung post at ralfj.de
Wed Sep 3 20:31:48 UTC 2014


>> I am using the packages in Debian testing, and also reported this issue
>> downstream: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760147>
>> The version of NM is, dnssec-trigger is at version 0.13~svn685.
> In fedora/rhel/centos, we have hooks in the vpn software that checks if
> unbound is running, and reconfigured unbound. We have this for libreswan
> IPsec and in openvpn (and I believe vpnc). What VPN software are you
> using?
> Here is an example (see around line 209):
> https://github.com/libreswan/libreswan/blob/master/programs/_updown.netkey/_updown.netkey.in

I am using OpenConnect - it not being on your list may explain the
problem ;-) . I had hoped that there would be some general solution to
hook into NM, that doesn't require additional work for each VPN
provider. Is there a common infrastructure, or would I have to start
from scratch if I wanted to add support to OpenConnect for this?

So unbound needs to be explicitly supported for this use by the VPN
providers, but dnssec-trigger can hook into that properly? After all, it
has to re-do the probe after the VPN connection is established.

Kind regards

More information about the dnssec-trigger mailing list