DNS resolution problem with fedora 33

mtodescato · November 12, 2020, 1:02pm

Hi after the upgrade to fedora 33 the VPN (openconnect) does not resolve the DNS addresses anymore.
I know of the switch to systemd-resolved, but event thought i am setting apparently the right dns as shown from the output:
➜ resolvectl domain
Global:
Link 2 (wlp58s0): ~.
Link 3 (virbr0):
Link 4 (virbr0-nic):
Link 6 (tun0): corp.company.com

Global: 10.x.x.21 10.x.x.21
Link 2 (wlp58s0): 8.8.8.8 1.1.1.1
Link 3 (virbr0):
Link 4 (virbr0-nic):
Link 6 (tun0): 10.x.x.21 10.x.x.21

The dns servers are assigned to the tun0 which is the vpn network interface but those are not called for some reason.
Am i misconfiguring something?

thanks

vgaetera · November 12, 2020, 1:25pm

It should be similar to the following:
https://discussion.fedoraproject.org/t/f33-dns-from-vpn-is-not-longer-in-use-after-upgrad/71406/2?u=vgaetera

mtodescato · November 12, 2020, 5:31pm

It should be similar, but actually turning off systemd-resolv or doing what you suggested in one of the linked post:
sudo nmcli connection modify id tun0
ipv4.dns-search ~. ipv6.dns-search ~.
ipv4.dns-priority -50 ipv6.dns-priority -50

does not seems to work, a part from the fact that my vpn seems to not support ipv6 in some way, that command for me does not change resolve config.
Maybe i am looking for changes in the wrong place?

vgaetera · November 12, 2020, 6:02pm

No, another connection name, see:

nmcli connection show

mtodescato · November 12, 2020, 7:39pm

Clearly i am missing something.
Am i suppose to modify the vpn connection? which for me is tun0.

vgaetera · November 12, 2020, 9:03pm

Not really, that is just a temporary name for an active interface.

Yep, the persistent VPN connection profile:

nmcli connection show | grep -e vpn

Assuming that your VPN connection is configured and managed by NetworkManager:

sudo dnf install NetworkManager-openconnect-gnome

mtodescato · November 13, 2020, 9:51am

Ok i was using the vpn with the cli client of openconnect, so i didn’t had a persistent vpn config.
I created one profile for the vpn on network manager, and did the same processe of changing the connection profile, but it still seems to not resolve dns

vgaetera · November 13, 2020, 10:25am

Establish the VPN connection and post your configuration redacting the private parts:

PAGER= nmcli connection show id VPN_CON
resolvectl dns; resolvectl domain

mtodescato · November 13, 2020, 10:30am

I’ve done once again all the steps and for some reason now dns now works, don’t know why.
Thanks for the help.

vgaetera · November 13, 2020, 10:41am

Remember to re-establish the connection to apply changes.

akostadi · November 19, 2020, 10:09pm

For network manager, to get split-DSN, had to set (at least in the past)

$ cat /etc/NetworkManager/conf.d/local.conf
[main]
dns=dnsmasq

vgaetera · November 20, 2020, 12:18am

Split-DNS is supported by systemd-resolved, which is enabled by default in Fedora 33:

system · December 18, 2020, 12:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.