Bug 842037 - NetworkManager not configured for split dns
Status: NEW
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: rawhide
Assigned To: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance

Reported: 2012-07-21 01:25 EDT by Máirín Duffy
Modified: 2017-11-30 13:49 EST
Description Máirín Duffy 2012-07-21 01:25:18 EDT
Description of problem:

Hi, I can see from Dan's blog that there was in 2010 a plan to enable split caching via dnsmasq in NetworkManager, but this still isn't the case in Fedora. I was able to get it to work by manually adding dns=dnsmasq to /etc/NetworkManager/NetworkManager.conf but that isn't the best user experience.

Basically, if I'm working from home and on the VPN, and someone sends me a silly non-work related link, I don't think it's good for that link to get resolved on the DNS behind the VPN. I'd rather waste Comcast's bandwidth on lolcats and twitter.
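
A shell check for the setup requested above, added here as an example (it is not part of the original report or of NetworkManager). It assumes that with dns=dnsmasq NetworkManager points resolv.conf at a loopback resolver; the function names, status strings and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a host is set up for split DNS via dns=dnsmasq.
# Assumption: with dns=dnsmasq, resolv.conf should list only loopback nameservers.

# Print the dns= value from the [main] section of NetworkManager.conf ("default" if unset).
nm_dns_mode() {
    awk '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
        in_main && /^[ \t]*dns[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); mode = $0
        }
        END { print (mode == "" ? "default" : mode) }
    ' "$1"
}

# Print "yes" if resolv.conf has at least one nameserver and all of them are loopback.
resolv_is_local_only() {
    awk '
        $1 == "nameserver" { n++; if ($2 !~ /^127\./ && $2 != "::1") remote++ }
        END { print ((n > 0 && remote == 0) ? "yes" : "no") }
    ' "$1"
}

# Combine both checks. Arguments: NetworkManager.conf path, resolv.conf path.
split_dns_status() {
    mode=$(nm_dns_mode "$1")
    local_only=$(resolv_is_local_only "$2")
    if [ "$mode" = "dnsmasq" ] && [ "$local_only" = "yes" ]; then
        echo "split-dns-ready"
    elif [ "$mode" = "dnsmasq" ]; then
        # dnsmasq is requested, but lookups still go straight to an upstream server
        echo "dnsmasq-bypassed"
    else
        # every lookup goes to whichever resolver the active connection pushed
        echo "no-split-dns"
    fi
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
printf '[main]\nplugins=ifcfg-rh\ndns=dnsmasq\n' > "$tmp/NetworkManager.conf"
printf 'nameserver 127.0.0.1\n' > "$tmp/resolv.conf"
split_dns_status "$tmp/NetworkManager.conf" "$tmp/resolv.conf"
rm -rf "$tmp"
```

On a real system the two arguments would be /etc/NetworkManager/NetworkManager.conf and /etc/resolv.conf.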
Comment 1 Dan Allen 2012-07-22 22:44:04 EDT
A discussion about this feature request in the following post concluded with the same solution that Máirín proposed:

https://plus.google.com/114112334290393746697/posts/1zoReZsbDgU

It's important to note that the split DNS strategy allows a computer that is connected to VPN to still be able to resolve hostnames on the same local network. In other words, with split DNS, connecting to the VPN does not break backups over a local network :)
Comment 2 Dan Winship 2012-07-23 09:16:26 EDT
I think part of why this hasn't happened yet is https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations; we probably actually want to use unbound rather than dnsmasq, and we don't currently have any support for that.
Comment 3 Dan Allen 2012-07-26 14:30:49 EDT
I can confirm that if I follow these steps on Fedora 17, I can connect to the VPN and still resolve hostnames in the local network.

$ sudo yum install unbound dnssec-trigger
$ sudo systemctl start unbound.service
$ sudo systemctl start dnssec-triggerd.service

$ ping computername
ping: unknown host mojave.home

$ ping computername.local
PING computername.local (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=102 ms

Connect to VPN

$ ping computername.local
PING computername.local (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=102 ms

Note that I now have to append .local to local computer names, which I'm guessing is part of the additional security provided by these services.
Comment 4 Peter Robinson 2012-11-06 05:44:39 EST
Just a word of warning that the NetworkManager-0.9.6.4-1.fc17 update appears to break dnsmasq support. I've filed bug RHBZ 873621 for those that use this.
Comment 5 Fedora End Of Life 2013-04-03 10:25:15 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 6 Pavel Šimerda (pavlix) 2013-05-07 09:53:57 EDT
Unbound would be a better choice for long-term split DNS with DNSSEC:

https://bugzilla.gnome.org/show_bug.cgi?id=699810

But for now I think even dnsmasq with split DNS and without DNSSEC would be a good choice for the following reasons:

1) Split DNS is an important operational feature.

2) People would get used to having a local recursive nameserver and the switch to DNSSEC would be rather easy.
Comment 7 Charles R. Anderson 2014-04-15 09:04:24 EDT
There is a new thread and Fedora Change about this:

https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html

https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
Comment 8 Fedora End Of Life 2015-01-09 12:16:12 EST
This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 9 Jan Kurik 2015-07-15 11:05:35 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
Comment 10 Fedora Admin XMLRPC Client 2015-08-18 11:00:46 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 11 Fedora End Of Life 2016-11-24 05:42:05 EST
This message is a reminder that Fedora 23 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 23. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '23'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 23 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
