Bug 842037 - NetworkManager not configured for split dns
Status: NEW
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
Reported: 2012-07-21 05:25 UTC by Máirín Duffy
Modified: 2019-11-15 09:20 UTC (History)

Doc Type: Bug Fix
Type: Bug


Description Máirín Duffy 2012-07-21 05:25:18 UTC
Description of problem:

Hi, I can see from Dan's blog that there was in 2010 a plan to enable split caching via dnsmasq in NetworkManager, but this still isn't the case in Fedora. I was able to get it to work by manually adding dns=dnsmasq to /etc/NetworkManager/NetworkManager.conf but that isn't the best user experience.

Basically, if I'm working from home and on the VPN, and someone sends me a silly non-work related link, I don't think it's good for that link to get resolved on the DNS behind the VPN. I'd rather waste Comcast's bandwidth on lolcats and twitter.
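Added example, not part of the original report and not NetworkManager or dnsmasq code: a small Python model of how a local caching resolver configured with dnsmasq-style `server=/domain/ip` rules chooses an upstream, which is the split DNS behaviour requested above. The domains, addresses and function names are constructed for illustration; only the plain `server=ip` and `server=/domain/ip` forms are handled.

```python
# Added example: models dnsmasq-style per-domain upstream selection (split DNS).
# Every domain and address here is a constructed sample value.
SAMPLE_CONF = """\
# VPN resolver for the work domain and its reverse zone
server=/corp.example.com/10.8.0.1
server=/10.in-addr.arpa/10.8.0.1
# home router for everything else
server=192.168.1.1
"""


def parse_servers(conf_text):
    """Return (rules, defaults); rules maps a domain to its upstream."""
    rules, defaults = {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if not value.startswith("/"):
            defaults.append(value)          # unqualified upstream
            continue
        parts = value[1:].split("/")        # domain[/domain...]/upstream
        upstream = parts[-1]
        if not upstream:
            continue                        # special forms are out of scope here
        for domain in parts[:-1]:
            rules[domain.lower().strip(".")] = upstream
    return rules, defaults


def pick_upstream(name, rules, defaults):
    """Longest matching domain suffix wins, compared on whole labels."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return defaults[0] if defaults else None


def route_all(names, conf_text=SAMPLE_CONF):
    """Map each query name to the upstream that would receive it."""
    rules, defaults = parse_servers(conf_text)
    return {n: pick_upstream(n, rules, defaults) for n in names}


if __name__ == "__main__":
    for name, upstream in route_all(
        ["wiki.corp.example.com", "twitter.com", "notcorp.example.com"]
    ).items():
        print(f"{name:28} -> {upstream}")
```

Matching on whole labels matters: `notcorp.example.com` must go to the default resolver, not to the VPN resolver, even though the string ends in `corp.example.com`.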

Comment 1 Dan Allen 2012-07-23 02:44:04 UTC
A discussion about this feature request in the following post concluded with the same solution that Máirín proposed:

https://plus.google.com/114112334290393746697/posts/1zoReZsbDgU

It's important to note that the split DNS strategy allows a computer that is connected to VPN to still be able to resolve hostnames on the same local network. In other words, with split DNS, connecting to the VPN does not break backups over a local network :)

Comment 2 Dan Winship 2012-07-23 13:16:26 UTC
I think part of why this hasn't happened yet is https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations; we probably actually want to use unbound rather than dnsmasq, and we don't currently have any support for that.

Comment 3 Dan Allen 2012-07-26 18:30:49 UTC
I can confirm that if I follow these steps on Fedora 17, I can connect to the VPN and still resolve hostnames in the local network.

$ sudo yum install unbound dnssec-trigger
$ sudo systemctl start unbound.service
$ sudo systemctl start dnssec-triggerd.service

$ ping computername
ping: unknown host mojave.home

$ ping computername.local
PING computername.local (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=102 ms

Connect to VPN

$ ping computername.local
PING computername.local (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=102 ms

Note that I now have to append .local to local computer names, which I'm guessing is part of the additional security provided by these services.

Comment 4 Peter Robinson 2012-11-06 10:44:39 UTC
Just a word of warning that the NetworkManager-0.9.6.4-1.fc17 update appears to break dnsmasq support. I've filed bug RHBZ 873621 for those that use this.

Comment 5 Fedora End Of Life 2013-04-03 14:25:15 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19

Comment 6 Pavel Šimerda (pavlix) 2013-05-07 13:53:57 UTC
Unbound would be a better choice for long-term split DNS with DNSSEC:

https://bugzilla.gnome.org/show_bug.cgi?id=699810

But for now I think even dnsmasq with split DNS and without DNSSEC would be a good choice for the following reasons:

1) Split DNS is an important operational feature.

2) People would get used to having a local recursive nameserver and the switch to DNSSEC would be rather easy.

Comment 7 Charles R. Anderson 2014-04-15 13:04:24 UTC
There is a new thread and Fedora Change about this:

https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html

https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver

Comment 8 Fedora End Of Life 2015-01-09 17:16:12 UTC
This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 9 Jan Kurik 2015-07-15 15:05:35 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23

Comment 10 Fedora Admin XMLRPC Client 2015-08-18 15:00:46 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 11 Fedora End Of Life 2016-11-24 10:42:05 UTC
This message is a reminder that Fedora 23 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 23. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '23'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 23 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
