I was wondering if the OP (pblmx) found a solution. I am also using Cisco AnyConnect for my company's VPN, and once I connect to the VPN, I am unable to connect to any company servers.
The DNS part of systemd-resolved is working because the correct IP addresses are found; I am just unable to connect to any servers. I have been fighting this for two weeks since I updated to F33. The strange thing about this is that I know it worked for one day (the first day using the company VPN after upgrading to F33) and then it hasn’t worked since.
Including this post and the links in this thread, I have also read these:
https://blogs.gnome.org/mcatanzaro/2020/12/17/understanding-systemd-resolved-split-dns-and-vpn-configuration/
None of the suggestions in these links has helped. Since I am able to resolve the IP address from the hostname from my company, I believe that DNS is working. It’s the routing part of systemd-resolved that I don’t think is working (but I’m no expert when it comes to networking).
For initial debug here is some information when I’m connected to the VPN:
$ resolvectl domain
Global: (company domain)
Link 2 (enp4s0):
Link 3 (wlp3s0):
Link 5 (virbr0):
Link 6 (virbr0-nic):
Link 11 (cscotun0):
$ resolvectl dns
Global: 192.168.100.1 192.168.110.5
Link 2 (enp4s0): 192.168.0.1
Link 3 (wlp3s0):
Link 5 (virbr0):
Link 6 (virbr0-nic):
Link 11 (cscotun0):
$ resolvectl status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: 192.168.100.1
DNS Servers: 192.168.100.1 192.168.110.5
DNS Domain: (company domain)
Link 2 (enp4s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1
Link 3 (wlp3s0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 5 (virbr0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 6 (virbr0-nic)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 11 (cscotun0)
Current Scopes: LLMNR/IPv4
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
$ resolvectl query (company domain)
(company domain): (company IP address) -- link: cscotun0
-- Information acquired via protocol DNS in 19.9ms.
-- Data is authenticated: no
$ resolvectl query (server in company domain)
(server in company domain): (company server IP address) -- link: cscotun0
-- Information acquired via protocol DNS in 1.2ms.
-- Data is authenticated: no
Although this thread is a little old, I’m hoping that someone can help me. I don’t want to reinstall F32 because I’m going to have to find a solution at some point and it would just be kicking the can down the road.
Thanks,
Mike