Should not clear all dns entries when OpenVPN tunnel is established
Context: NetworkManager 1.27.91 + network-manager-openvpn 1.8.12 + systemd-resolved 246.6 (Debian bullseye).
When establishing an OpenVPN connection which is used as the default route, network-manager clears all entries in the current DNS configuration. This also includes suffixes for local domain names, which are thus broken (they won't be resolved over DNS).
Prior to establishing the OpenVPN connection, the DNS settings are the following (resolvectl status, stripped of non-relevant parts):
Link 2 (wlp2s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1
DNS Domain: ~.
home
After establishing the VPN, the settings are the following:
Link 2 (wlp2s0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: no
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 12 (tun1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 10.8.0.1
DNS Servers: 10.8.0.1
DNS Domain: ~.
There is no longer a DNS server for the wlp2s0 interface. As a result, any local domain (ending in .home) will no longer be resolved. The expected resulting configuration would be:
Link 2 (wlp2s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: no
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1
DNS Domain: home
Link 12 (tun1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 10.8.0.1
DNS Servers: 10.8.0.1
DNS Domain: ~.
i.e., the DNS for wlp2s0 should be kept, but used only for the resolution of home domain names. NetworkManager should only clear entries in the DNS section that have a matching entry in the VPN DNS domain settings, and keep the others unchanged (it may need an additional parameter in the VPN connection settings, since other people may find that the current behaviour fits their needs and want to enforce it).
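A check for the regression described above, as an added example that is not part of the original report or of NetworkManager: it parses two `resolvectl status` excerpts and lists every non-catch-all domain whose link lost its resolver once the tunnel came up. The function names are hypothetical, and the sample text is the wlp2s0/tun1 output from the report trimmed to the relevant keys.

```python
import re

# Excerpts taken from the report above, trimmed to the keys that matter here.
BEFORE = """\
Link 2 (wlp2s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DNS Servers: 192.168.0.1
DNS Domain: ~.
home
"""
AFTER = """\
Link 2 (wlp2s0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
Link 12 (tun1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DNS Servers: 10.8.0.1
DNS Domain: ~.
"""
LINK_RE = re.compile(r"^Link \d+ \((\S+)\)$")
KEY_RE = re.compile(r"^([A-Za-z][A-Za-z ]*):(?:\s+(.*))?$")

def parse_status(text):
    """Return {ifname: {key: [values]}} for the per-link sections."""
    links, cur, key = {}, None, None
    for line in map(str.strip, text.splitlines()):
        link, kv = LINK_RE.match(line), KEY_RE.match(line)
        if link:
            cur, key = links.setdefault(link.group(1), {}), None
        elif cur is None or not line:
            continue  # global section or blank line
        elif kv:
            key = kv.group(1)
            cur[key] = (kv.group(2) or "").split()
        elif key:
            cur[key].extend(line.split())  # continuation line, e.g. a second domain
    return links

def lost_split_dns(before, after):
    """List (ifname, domain, old_servers) for domains that lost their resolver."""
    b, a = parse_status(before), parse_status(after)
    lost = []
    for ifname, cfg in b.items():
        now = a.get(ifname, {})
        for dom in cfg.get("DNS Domain", []):
            if dom == "~.":
                continue  # the catch-all route is expected to move to the VPN link
            if dom not in now.get("DNS Domain", []) or not now.get("DNS Servers"):
                lost.append((ifname, dom, cfg.get("DNS Servers", [])))
    return lost
```

Feeding it live output captured before and after bringing the connection up gives an empty list when the local domain is still routed to its original resolver.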