Hey,
I set up a VPN connection using the openconnect plugin for NetworkManager (nm-applet under xfce). When I'm connected "normally", my /etc/resolv.conf looks like the following, as I use pdnsd as a local DNS caching service:
nameserver 127.0.0.1
When I connect to my VPN, networkmanager seems to modify my resolv.conf, which then contains one more line:
search SOME-DOMA.IN
nameserver 127.0.0.1
This breaks pdnsd: it is no longer possible to resolve addresses, be it from firefox or the drill command, until I manually restart the pdnsd service via systemctl.
Did I miss something? Here is some further information as well as my pdnsd configuration:
ip link (when connected to the VPN)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether d0:50:99:01:54:e4 brd ff:ff:ff:ff:ff:ff
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DORMANT group default qlen 1000
link/ether 00:1f:cf:51:a2:da brd ff:ff:ff:ff:ff:ff
7: vpn0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1406 qdisc pfifo_fast state UP mode DEFAULT group default qlen 500
link/none
/etc/resolvconf.conf
# File that resolvconf generates for the system's stub resolver.
resolv_conf=/etc/resolv.conf
# Always list the local pdnsd instance as the nameserver, so lookups keep going
# through the local cache; this matches the `nameserver 127.0.0.1` line in the
# resolv.conf shown above, both with and without the VPN.
name_servers=127.0.0.1
/etc/pdnsd.conf
# Global pdnsd settings: listen on loopback port 53, run as the unprivileged
# "pdnsd" user and keep a large, long-lived on-disk cache.
global {
perm_cache = 8192; # 8MB
cache_dir = "/var/cache/pdnsd";
# pid_file = /var/run/pdnsd.pid;
run_as = "pdnsd";
server_ip = 127.0.0.1; # Use eth0 here if you want to allow other
# machines on your network to query pdnsd.
# Bound to loopback as posted, so only local processes can query the cache.
server_port = 53;
# Enables the status control socket that pdnsd-ctl talks to.
status_ctl = on;
# paranoid = on; # This option reduces the chance of cache poisoning
# but may make pdnsd less efficient, unfortunately.
# NOTE(review): paranoid is left off here while min_ttl below is very long;
# see the note on min_ttl.
query_method = udp_tcp;
min_ttl = 5d; # Retain cached entries at least 5 days.
# NOTE(review): a 5-day floor overrides any shorter TTL the zone owner set, so
# a stale or spoofed answer stays in the cache for at least that long once it
# has been accepted. A much smaller floor limits how long a bad record persists.
max_ttl = 3w; # 3 weeks.
timeout = 60; # Global timeout option (60 seconds).
neg_domain_pol = auth;
udpbufsize = 1024; # Upper limit on the size of UDP messages.
neg_rrs_pol = default;
par_queries = 2; # How many DNS servers should be queried simultaneously.
}
# The only upstream in the configuration as posted: a resolver on the local
# machine at 127.0.0.1:9053, labelled "tor" (presumably Tor's DNS port -- confirm
# against the Tor configuration, which is not shown).
server {
label = "tor";
ip = 127.0.0.1;
port = 9053;
caching = on;
# Rely on this upstream alone instead of following referrals to other
# name servers.
proxy_only = on;
timeout = 30;
# No availability test: the upstream is always treated as up.
uptest = none;
interface = any;
interval = 10m;
purge_cache = off;
edns_query = off;
# NOTE(review): duplicate of the uptest line above; one of the two can go.
uptest = none;
policy = included;
preset = on;
lean_query = on;
# NOTE(review): with no other server section there is no fallback resolver, so
# queries do not fall through to a different upstream. Once the VPN adds
# `search SOME-DOMA.IN` to resolv.conf, short names are expanded with that
# domain and still sent here rather than to the VPN's own DNS -- worth checking
# whether VPN-internal names are meant to go to this upstream at all.
}
# Serve the entries of /etc/hosts as local records owned by "localhost".
source {
owner = localhost;
# serve_aliases = on;
file = "/etc/hosts";
}
# Block unwanted sites and ads
# The included file is read as part of this configuration, so it should have the
# same ownership and write permissions as pdnsd.conf itself (its contents are
# not shown here).
include { file = "/etc/pdnsd.block"; }
# Locally defined record for "localhost", with the matching reverse entry.
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
# SOA fields: origin, mailbox, serial, refresh, retry, expire, minimum.
soa=localhost,root.localhost,42,86400,900,86400,86400;
}
Well... the problem's gone; it actually seemed to be something else the first time after setup.
I'm experiencing the same problem: pdnsd.service needs to be restarted before it resolves new queries, while cached queries are still answered. Both OpenVPN and pdnsd have been working fine simultaneously for a long time; the problem only arose recently, without any new configuration or updates, iirc.
#ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 7c:7a:91:aa:04:42 brd ff:ff:ff:ff:ff:ff
inet XXX.XXX.XXX.XXX/XX brd XXX.XXX.XXX.XXX scope global wlp3s0
valid_lft forever preferred_lft forever
inet6 fe80::7e7a:91ff:feaa:442/64 scope link
valid_lft forever preferred_lft forever
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether 28:d2:44:26:34:78 brd ff:ff:ff:ff:ff:ff
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
valid_lft forever preferred_lft forever
/etc/resolvconf.conf
# File that resolvconf generates for the system's stub resolver.
resolv_conf=/etc/resolv.conf
# Always list the local pdnsd instance as the nameserver.
name_servers=127.0.0.1
# Nameservers announced by the network (DHCP, VPN) are written to this separate
# file; the "resolvconf" server section of pdnsd.conf below reads it.
pdnsd_resolv=/etc/pdnsd-resolv.conf
/etc/pdnsd.conf
# Global pdnsd settings: listen on loopback, run as the unprivileged "pdnsd"
# user and keep a small on-disk cache with moderate TTL bounds.
global {
perm_cache=1024;
cache_dir="/var/cache/pdnsd";
# pid_file = /var/run/pdnsd.pid;
run_as="pdnsd";
server_ip = 127.0.0.1; # Use eth0 here if you want to allow other
# machines on your network to query pdnsd.
# Bound to loopback as posted, so only local processes can query the cache.
# Enables the status control socket that pdnsd-ctl talks to.
status_ctl = on;
# paranoid=on; # This option reduces the chance of cache poisoning
# but may make pdnsd less efficient, unfortunately.
query_method=udp_tcp;
min_ttl=15m; # Retain cached entries at least 15 minutes.
max_ttl=1w; # One week.
timeout=10; # Global timeout option (10 seconds).
neg_domain_pol=on;
udpbufsize=1024; # Upper limit on the size of UDP messages.
}
# Fixed upstream resolvers, labelled "CensurfriDNS.dk", queried on port 5353.
server {
label= "CensurfriDNS.dk";
ip = 91.239.100.100, 89.233.43.71; # Addresses of the upstream DNS servers.
port = 5353;
timeout=4; # Server timeout; this may be much shorter
# than the global timeout option.
uptest=query; # Probe each server with a test query to decide whether it is up.
query_test_name=".";
interval=10m; # Check every 10 minutes.
# NOTE(review): if a probe fails while the route is changing (for example while
# the VPN tunnel comes up), the server may stay marked down until the next probe
# up to 10 minutes later. `pdnsd-ctl status` shows the current state and
# `pdnsd-ctl server <label> retest` re-probes without restarting the service --
# confirm whether this matches the symptom described above.
purge_cache=off; # Keep stale cache entries in case the upstream
# DNS servers go offline.
edns_query=yes; # Use EDNS for outgoing queries to allow UDP messages
# larger than 512 bytes. May cause trouble with some
# legacy systems.
}
# Upstream resolvers taken from the file resolvconf writes (pdnsd_resolv in
# /etc/resolvconf.conf above), i.e. whatever the current network announces.
server {
label= "resolvconf";
file = "/etc/pdnsd-resolv.conf"; # Preferably do not use /etc/resolv.conf
# NOTE(review): servers pushed by DHCP or by the VPN end up in this file and
# feed the same cache as the fixed upstreams above; on an untrusted network
# that means network-supplied resolvers can populate the shared cache. Drop this
# section if only the fixed upstreams should ever be used.
timeout=4; # Server timeout; this may be much shorter
# than the global timeout option.
uptest=query; # Probe each server with a test query to decide whether it is up.
query_test_name=".";
interval=10m; # Check every 10 minutes.
purge_cache=off; # Keep stale cache entries in case the upstream
# DNS servers go offline.
edns_query=yes; # Use EDNS for outgoing queries to allow UDP messages
# larger than 512 bytes. May cause trouble with some
# legacy systems.
# Treat these servers as down until a probe has succeeded.
preset=off;
}
# Serve the entries of /etc/hosts as local records owned by "localhost".
source {
owner=localhost;
# serve_aliases=on;
file="/etc/hosts";
}
# Locally defined record for "localhost", with the matching reverse entry.
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
# SOA fields: origin, mailbox, serial, refresh, retry, expire, minimum.
soa=localhost,root.localhost,42,86400,900,86400,86400;
}
# Answer negatively for doubleclick.net locally instead of asking an upstream.
neg {
name=doubleclick.net;
types=domain; # This will also block xxx.doubleclick.net, etc.
}
Last edited by usprey (2014-12-02 01:23:35)