[Dnssec-trigger] [Bug] incorrect DNS servers are used when network-manager connects to VPN

Pavel Simerda psimerda at redhat.com
Sun Sep 21 15:25:14 UTC 2014

----- Original Message -----
> From: "Ralf Jung" <post at ralfj.de>
> To: "Pavel Simerda" <psimerda at redhat.com>
> Cc: "Tomas Hozza" <thozza at redhat.com>, "Paul Wouters" <paul at nohats.ca>, dnssec-trigger at NLnetLabs.nl
> Sent: Sunday, September 21, 2014 2:56:08 PM
> Subject: Re: [Dnssec-trigger] [Bug] incorrect DNS servers are used when network-manager connects to VPN
> Hi,
> >> Do you have an example for a VPN plugin that uses the "right" way to
> >> expose information to NM? That would be a good starter to get this into
> >> OpenConnect.
> > 
> > There's https://git.gnome.org/browse/network-manager-openconnect/
> Well, yes, that's what I am using. It shows the behaviour that I
> described (DNS servers are not properly forwarded to dnssec-trigger). I
> thought you said that this plugin needs patching to fix this forwarding?


I'm sorry, I didn't follow the discussion carefully. We (more specificaly I and Tomáš) are working on the dnssec-trigger hooks for NetworkManager. You're apparently using an older/different version so the behavior may be much different from what we are already testing. Basically the VPN is expected to give away information to NetworkManager and we're getting the information from NetworkManager and setting up unbound accordingly. Depending on the configuration of NM, the VPN name servers or the physical connection name servers are used globally, and the VPN name servers are being used for known domains for the VPN. I'm not using the openconnect plugin myself.

It might be better if you find me (pavlix) on IRC Freenode (for example in #nm) and we can discuss it in more detail.



> Kind regards
> Ralf

More information about the dnssec-trigger mailing list