Message #12440
[Bug 1603898] Re: DNS resolution fails when using VPN and routing all traffic over it
*** This bug is a duplicate of bug 1639776 ***
https://bugs.launchpad.net/bugs/1639776
** This bug has been marked a duplicate of bug 1639776
dnsmasq fails to send queries out after suspend disconnects the interface
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1603898
Title:
DNS resolution fails when using VPN and routing all traffic over it
Status in network-manager package in Ubuntu:
Confirmed
Status in network-manager source package in Xenial:
Confirmed
Bug description:
When using our company VPN, the Network Manager configured dnsmasq
ends up in a weird state where it's unable to answer queries because
it's (incorrectly) sending them to 127.0.0.1:53 where nothing is
listening.
| root@ornery:~# nmcli con show 'Canonical UK - All Traffic' | grep -i dns
| ipv4.dns:
| ipv4.dns-search:
| ipv4.dns-options: (default)
| ipv4.ignore-auto-dns: no
| ipv6.dns:
| ipv6.dns-search:
| ipv6.dns-options: (default)
| ipv6.ignore-auto-dns: no
| IP4.DNS[1]: 10.172.192.1
| root@ornery:~# ps auxfwwwww | grep [4]035
| nobody 4035 0.0 0.0 52872 1620 ? S Jun29 6:39 \_ /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.1.1 --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d
| root@ornery:~#
Querying the DNS server provided by the VPN connection works; querying
dnsmasq doesn't:
| root@ornery:~# dig +short @10.172.192.1 www.openbsd.org
| 129.128.5.194
| root@ornery:~# dig @127.0.1.1 www.openbsd.org
|
| ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.1.1 www.openbsd.org
| ; (1 server found)
| ;; global options: +cmd
| ;; Got answer:
| ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 6996
| ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
|
| ;; QUESTION SECTION:
| ;www.openbsd.org. IN A
|
| ;; Query time: 0 msec
| ;; SERVER: 127.0.1.1#53(127.0.1.1)
| ;; WHEN: Mon Jul 18 10:25:48 CEST 2016
| ;; MSG SIZE rcvd: 33
|
| root@ornery:~#
While running 'dig @127.0.1.1 www.openbsd.org':
| root@ornery:~# tcpdump -i lo port 53 -v -n
| tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
| 10:26:04.728905 IP (tos 0x0, ttl 64, id 56577, offset 0, flags [none], proto UDP (17), length 72)
| 127.0.0.1.54917 > 127.0.1.1.53: 32273+ [1au] A? www.openbsd.org. (44)
| 10:26:04.729001 IP (tos 0x0, ttl 64, id 49204, offset 0, flags [DF], proto UDP (17), length 61)
| 127.0.1.1.53 > 127.0.0.1.54917: 32273 Refused$ 0/0/0 (33)
| root@ornery:~# netstat -anp | grep 127.0.[01].1:53
| tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 4035/dnsmasq
| udp 0 0 127.0.1.1:53 0.0.0.0:* 4035/dnsmasq
| root@ornery:~#
You can see below a) that dnsmasq thinks it is configured to use a DNS
server provided by the VPN, and/but that b) it tries to answer a
non-local query like www.openbsd.org locally.
| root@ornery:~# kill -USR1 4035; tail /var/log/syslog | grep dnsmasq
| Jul 18 09:29:22 ornery dnsmasq[4035]: time 1468830562
| Jul 18 09:29:22 ornery dnsmasq[4035]: cache size 0, 0/0 cache insertions re-used unexpired cache entries.
| Jul 18 09:29:22 ornery dnsmasq[4035]: queries forwarded 1880976, queries answered locally 375041
| Jul 18 09:29:22 ornery dnsmasq[4035]: queries for authoritative zones 0
| Jul 18 09:29:22 ornery dnsmasq[4035]: server 10.172.192.1#53: queries sent 792, retried or failed 0
| root@ornery:~# dig +short @127.0.1.1 www.openbsd.org
| root@ornery:~# kill -USR1 4035; tail /var/log/syslog | grep dnsmasq
| Jul 18 09:29:22 ornery dnsmasq[4035]: queries for authoritative zones 0
| Jul 18 09:29:22 ornery dnsmasq[4035]: server 10.172.192.1#53: queries sent 792, retried or failed 0
| Jul 18 09:29:37 ornery dnsmasq[4035]: time 1468830577
| Jul 18 09:29:37 ornery dnsmasq[4035]: cache size 0, 0/0 cache insertions re-used unexpired cache entries.
| Jul 18 09:29:37 ornery dnsmasq[4035]: queries forwarded 1880976, queries answered locally 375042
| Jul 18 09:29:37 ornery dnsmasq[4035]: queries for authoritative zones 0
| Jul 18 09:29:37 ornery dnsmasq[4035]: server 10.172.192.1#53: queries sent 792, retried or failed 0
| root@ornery:~#
This is on Ubuntu 16.04, with the following packages:
| james@ornery:~$ COLUMNS=200 dpkg -l dnsmasq-base network-manager network-manager-openvpn | grep ^ii
| ii dnsmasq-base 2.75-1ubuntu0.16.04.1 amd64 Small caching DNS proxy and DHCP/TFTP server
| ii network-manager 1.2.0-0ubuntu0.16.04.2 amd64 network management framework (daemon and userspace tools)
| ii network-manager-openvpn 1.1.93-1ubuntu1 amd64 network management framework (OpenVPN plugin core)
| james@ornery:~$
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1603898/+subscriptions
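
Added example (not part of the original bug report or of dnsmasq/NetworkManager): the counter comparison the reporter does by eye between two `kill -USR1` statistics dumps, automated over syslog text. The function names are hypothetical, and the sample is a subset of the log lines quoted in the report.

```python
import re

# Subset of the lines from the two SIGUSR1 statistics dumps quoted in the report.
SAMPLE_SYSLOG = """\
Jul 18 09:29:22 ornery dnsmasq[4035]: time 1468830562
Jul 18 09:29:22 ornery dnsmasq[4035]: queries forwarded 1880976, queries answered locally 375041
Jul 18 09:29:22 ornery dnsmasq[4035]: server 10.172.192.1#53: queries sent 792, retried or failed 0
Jul 18 09:29:37 ornery dnsmasq[4035]: time 1468830577
Jul 18 09:29:37 ornery dnsmasq[4035]: queries forwarded 1880976, queries answered locally 375042
Jul 18 09:29:37 ornery dnsmasq[4035]: server 10.172.192.1#53: queries sent 792, retried or failed 0
"""

TIME_RE = re.compile(r"dnsmasq\[\d+\]: time (\d+)\s*$")
TOTALS_RE = re.compile(r"queries forwarded (\d+), queries answered locally (\d+)")
SERVER_RE = re.compile(r"server (\S+): queries sent (\d+), retried or failed (\d+)")

def parse_snapshots(text):
    """Return one dict per complete statistics dump found in syslog text."""
    snaps = []
    for line in text.splitlines():
        if m := TIME_RE.search(line):
            snaps.append({"time": int(m.group(1)), "servers": {}})
        elif not snaps:
            continue  # tail output can start mid-dump; wait for a 'time' line
        elif m := TOTALS_RE.search(line):
            snaps[-1]["forwarded"] = int(m.group(1))
            snaps[-1]["local"] = int(m.group(2))
        elif m := SERVER_RE.search(line):
            snaps[-1]["servers"][m.group(1)] = int(m.group(2))
    return [s for s in snaps if "forwarded" in s]

def unforwarded_queries(before, after):
    """Queries answered locally between two dumps while nothing went upstream.

    Returns None if a counter went backwards (for example after a dnsmasq
    restart), and 0 if anything was forwarded or sent upstream in between.
    """
    d_local = after["local"] - before["local"]
    d_fwd = after["forwarded"] - before["forwarded"]
    d_sent = sum(after["servers"].values()) - sum(before["servers"].values())
    if min(d_local, d_fwd, d_sent) < 0:
        return None
    return d_local if d_fwd == 0 and d_sent == 0 else 0

if __name__ == "__main__":
    first, second = parse_snapshots(SAMPLE_SYSLOG)
    print(unforwarded_queries(first, second))
```

A non-zero result right after a lookup for an external name is the symptom shown in this report: the "answered locally" counter moves while the upstream server's "queries sent" counter does not.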