Ubuntu
network-manager package

dhclient overrides nameservers in resolv.conf

Bug #159114 reported by William Gallafent
2
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: network-manager

Using the "Manual Configuration..." dialog of KNetworkManager, set up your network connection (in my case, wlan1):
- use the "Configure Interface" button to produce the dialog called "Configure Device wlan1 - KDE Control Module"
- In this dialog, choose "Automatic - DHCP" and check "Activate when the computer starts" - then OK that dialog
- Choose the "Domain Name System" tab
- Enter two domain name servers, e.g. 1.2.3.4 and 5.6.7.8
- Press Apply or OK

Your network connection will be brought up, but the chosen Domain Name Servers are not used. Instead, the DNS provided as part of the DHCP negotiation is used instead.

In order to fix this, I have added the following line to my /etc/dhcp3/dhclient.conf:

supersede domain-name-servers 1.2.3.4,5.6.7.8;

This prevents the dhclient from overriding my settings, and everything else about DHCP is unchanged.

So, KNetworkManager should add the equivalent line to /etc/dhcp3/dhclient.conf in this situation (dhcp enabled, but name servers provided by the user). Though usually just annoying (e.g. my home black-box router has a broken DNS server), this is _potentially_ a security problem indirectly, since many home routers are vulnerable to being attacked, which could, for example, allow their built-in DNS to be poisoned.

See original description
Revision history for this message
William Gallafent (william-gallaf-deactivatedaccount) wrote :

I believe that this affects not only KNetworkManager, but any network-manager based installation. See also bug #126592.

description: updated
Revision history for this message
Paul Dufresne (paulduf) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug #90681, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.