network-manager (pptp?) DNS doesn't work

Bug #174909 reported by Arthur Penn
This bug affects 1 person
Affects: network-manager (Ubuntu)
Status: Fix Released
Importance: Low
Assigned to: Unassigned

Bug Description

Binary package hint: network-manager

I can successfully connect to my company's PPTP VPN with network-manager and network-manager-pptp. The DNS, however, does not function properly. When I connect, network-manager correctly overwrites my /etc/resolv.conf with the DNS server from my company's network, but for some reason it is duplicated:

--------------------------/etc/resolv.conf----------------------------------
# generated by NetworkManager, do not edit!

nameserver 172.17.3.1
nameserver 172.17.3.1
--------------------------END /etc/resolv.conf----------------------------

If I use dig to locate resources on my company's domain, they resolve correctly when fully-qualified, as expected:

--------------------------dig output----------------------------
user@host:~$ dig loubdc01.mydomain.local

; <<>> DiG 9.4.1-P1 <<>> loubdc01.mydomain.local
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53824
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;loubdc01.mydomain.local. IN A

;; ANSWER SECTION:
loubdc01.mydomain.local. 3600 IN A 172.16.3.248

;; Query time: 44 msec
;; SERVER: 172.17.3.1#53(172.17.3.1)
;; WHEN: Sat Dec 8 11:03:33 2007
;; MSG SIZE rcvd: 53
-------------------------END dig output---------------------------

However, if I attempt to access any company resources via the fully-qualified name, nothing works (ping, RDP (remote desktop on 3389), etc.):

user@host:~$ ping loubdc01.mydomain.local
ping: unknown host loubdc01.mydomain.local

If I use the IP address, it works:

user@host:~$ ping 172.16.3.248
PING 172.16.3.248 (172.16.3.248) 56(84) bytes of data.
64 bytes from 172.16.3.248: icmp_seq=1 ttl=125 time=43.8 ms

--- 172.16.3.248 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 43.863/43.863/43.863/0.000 ms

If I put an entry in my /etc/hosts file, it also works:

------------/etc/hosts fragment--------------
127.0.0.1 localhost
127.0.1.1 host

172.16.3.248 loubdc01
-----------END /etc/hosts fragment-------------

PING USING MANUAL HOST ENTRY:
user@host:~$ ping loubdc01
PING loubdc01 (172.16.3.248) 56(84) bytes of data.
64 bytes from loubdc01 (172.16.3.248): icmp_seq=1 ttl=125 time=44.8 ms
64 bytes from loubdc01 (172.16.3.248): icmp_seq=2 ttl=125 time=45.6 ms

So while DNS appears to be working, network-manager is not using it. I have had to put in hosts entries for all the servers I access because effectively I must either do that or use the IP addresses to access resources when connected.

Neal McBurnett (nealmcb) wrote :

Ping doesn't use network-manager to help it resolve host names. It uses the system libraries which use nsswitch. What is the entry for "hosts:" in your /etc/nsswitch.conf?

Arthur Penn (arthur-penn) wrote :

Thanks for your reply. It is:

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

I haven't modified this file since installation FWIW.

Basilio Kublik (sourcercito) wrote :

Hi Arthur
Do you still experience this issue with the current version of the application? Could you please try to reproduce this using the live environment of the Desktop CD of the development release - Hardy Heron?

Thanks in advance

Changed in network-manager:
assignee: nobody → sourcercito
importance: Undecided → Low
status: New → Incomplete
Arthur Penn (arthur-penn) wrote :

I upgraded an installation of Gutsy to Hardy and tried this again. It does not use the peer DNS at all from what I can tell.

I have the "Use Peer DNS" checked under the PPP Options tab of the VPN configuration. Also, on the Routing tab, "Peer DNS through tunnel" is checked. I can see that it added the nameserver from my work domain to /etc/resolv.conf as the second nameserver listed (the nameserver from my router is listed first). However, no matter how I try to specify network resources (short computer names or fully qualified with the Windows domain name), dig doesn't produce any valid lookups. I definitely can ping the resources by IP so I know the tunnel is working.

Arthur Penn (arthur-penn) wrote :

It seems that as long as that first nameserver is listed in resolv.conf, it always gets used, and of course has no knowledge of my work's domain. Should it not remove my router's nameserver when I connect the tunnel, or is there an option to have it do this?

I tried commenting out the first nameserver. This indeed does force the lookups to the nameserver over the tunnel. I get responses as long as I fully-qualify the names of the resources (e.g. computer.domain.local).

Glenn Allen (gallen-goorooinc) wrote :

Change the hosts line to read:

hosts: files dns wins mdns4_minimal mdns4

This won't fix the duplicate entry in resolv.conf, but it will get DNS to resolve properly through the VPN.

Glenn Allen (gallen-goorooinc) wrote :

Sorry, wins isn't necessary (I added that for my corporate network in which wins simplifies things quite a bit), and technically the mdns4 and mdns4_minimal shouldn't be necessary, but I'm not sure how they're being used by the system.

Arthur Penn (arthur-penn) wrote :

Thanks, that did the trick. That should probably be the default setting for /etc/nsswitch.conf.

Glenn Allen (gallen-goorooinc) wrote :

Actually, the problem is probably stemming from your network having a domain suffix of ".local" - Avahi (and Bonjour) use .local internally, and that's probably what's causing it to fail to resolve properly. There's no simple solution, but I'm almost positive that this is the intended behavior. Since I'm not very well versed in the internals of Avahi I definitely wouldn't be the one to ask about this, but if anyone else has any insight as to a possible solution or at least a "more sane" default (seeing as there are a lot of users with .local domains, (generally Windows domains)) it would be very welcome.
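
Added example, not part of the thread or of any package discussed in it: a small Python model of how the "hosts:" line in /etc/nsswitch.conf is walked, showing why the default line never reaches dns for a .local name while dig, which queries the nameserver directly, still gets an answer. The per-module statuses in model_status are a simplified assumption, and the zone is constructed from the values in the report.

```python
import re

# Default nsswitch actions: SUCCESS returns, every other status continues.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}
DEFAULT_LINE = "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4"
WORKAROUND_LINE = "hosts: files dns wins mdns4_minimal mdns4"
ZONE = {"loubdc01.mydomain.local": "172.16.3.248"}  # constructed VPN DNS zone

def parse_hosts_line(line):
    """Turn 'hosts: svc [STATUS=action] ...' into [(service, actions)]."""
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", line.partition(":")[2]):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        for crit in tok[1:-1].split():  # '!STATUS' negation is not handled
            status, action = crit.split("=")
            chain[-1][1][status.upper()] = action.lower()
    return chain

def model_status(service, name, zone, hosts_file):
    """Simplified, assumed model of what each NSS module reports."""
    is_local = name.rstrip(".").lower().endswith(".local")
    if service == "files":
        return "SUCCESS" if name in hosts_file else "NOTFOUND"
    if service == "mdns4_minimal":  # only claims .local; no mDNS host answers
        return "NOTFOUND" if is_local else "UNAVAIL"
    if service == "mdns4":
        return "NOTFOUND"
    if service == "dns":
        return "SUCCESS" if name in zone else "NOTFOUND"
    return "UNAVAIL"  # module not installed (e.g. wins)

def resolve(line, name, zone=ZONE, hosts_file=()):
    """Return (answering service or None, trace of (service, status))."""
    trace = []
    for service, actions in parse_hosts_line(line):
        status = model_status(service, name, zone, hosts_file)
        trace.append((service, status))
        if actions[status] == "return":
            return (service if status == "SUCCESS" else None), trace
    return None, trace

if __name__ == "__main__":
    for line in (DEFAULT_LINE, WORKAROUND_LINE):
        print(line, "->", resolve(line, "loubdc01.mydomain.local"))
```

With the default line the trace stops at mdns4_minimal; with the reordered line dns answers before any mDNS module is consulted.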

Glenn Allen (gallen-goorooinc) wrote :

In either case, the bug isn't being caused by network-manager-pptp or network-manager itself, but instead this bug should probably be moved to either base-files or one of the Avahi packages.

Glenn Allen (gallen-goorooinc) wrote :

Correction: I had forgotten about the original issue with the duplicate entries in resolv.conf. That probably IS a bug in network-manager-pptp.

Arthur Penn (arthur-penn) wrote :

I'm not sure to which package that .local issue should be moved. How would we find out?

Glenn Allen (gallen-goorooinc) wrote :

I would think to move the bug to "avahi" if you're referring specifically to the issue with .local domains, however, I wouldn't expect this to be fixed upstream as it's more than likely the intended behavior. However, I would file a separate bug report under base-files suggesting more "sane" defaults for nsswitch.conf. This is, of course, assuming that the workaround doesn't cause more problems than it cures. Does anyone with knowledge of avahi's internals have any input?

Alexander Sack (asac) wrote :

fixed in intrepid.

Changed in network-manager:
assignee: sourcercito → nobody
status: Incomplete → Fix Released