Bug 612614 - net-vpn/networkmanager-openvpn and net-dns/openresolv: unexpected(?) DNS order
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Linux Gnome Desktop Team
Reported: 2017-03-14 13:14 UTC by Benjamin Schindler
Modified: 2022-04-08 19:55 UTC
Description Benjamin Schindler 2017-03-14 13:14:49 UTC
I'm not sure this is actually a bug, but since I should be able to expect this to work out of the box, here we go: 

I have set up my company vpn using networkmanager (openvpn) in kde and I'm able to connect to the company just fine. DNS, however, does not work correctly. Any domain not part of the company network keeps on working, but intranet pages don't. So I checked /etc/resolv.conf and this is what I have: 

# Generated by resolvconf

With the vpn disconnected, I have this: 

# Generated by resolvconf

So it seems that the vpn nameservers don't get priority over my home router for some reason. I tried the same on my laptop (arch linux), and there I also have all three nameservers in there, but the vpn ones have precedence over the "old" one, which is why it works there. 

Installed versions: 
- net-misc/networkmanager-openvpn-1.2.6
- net-misc/networkmanager-1.4.4-r1
- net-dns/openresolv-3.8.1

Emerge info: 

metis benjamin # emerge --info
Portage 2.3.3 (python 3.4.5-final-0, default/linux/amd64/13.0/desktop/plasma/systemd, gcc-5.4.0, glibc-2.23-r3, 4.4.39-gentoo x86_64)
System uname: Linux-4.4.39-gentoo-x86_64-Intel-R-_Core-TM-_i7_CPU_920_@_2.67GHz-with-gentoo-2.3
KiB Mem:    16432444 total,  10127356 free
KiB Swap:      80320 total,     80320 free
Timestamp of repository gentoo: Tue, 14 Mar 2017 12:43:53 +0000
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
ccache version 3.2.4 [disabled]
app-shells/bash:          4.3_p48-r1::gentoo
dev-lang/perl:            5.22.3_rc4::gentoo
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo
dev-util/ccache:          3.2.4::gentoo
dev-util/cmake:           3.7.2::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.23.2::gentoo
sys-apps/sandbox:         2.10-r3::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo, 2.26.1::gentoo
sys-devel/gcc:            5.4.0-r3::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.23-r3::gentoo

    location: /usr/portage
    sync-type: git
    priority: -1000

ACCEPT_LICENSE="* -@EULA dlj-1.1 skype-eula googleearth AdobeFlash-10.3 Oracle-BCLA-JavaSE skype- AdobeFlash-11.x NVIDIA-CUDA"
CFLAGS="-O2 -pipe -march=native"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -march=native"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS=" rsync://"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
USE="X a52 aac accessibility acl acpi alsa amd64 avahi bash-completion berkdb branding bzip2 cairo cdda cdparanoia cdr chm cli cmake colord cracklib crypt cscope cups curl cxx daap dbus declarative dri dts dvd dvdr dvdread egl emboss enblend encode evdev exif fam ffmpeg fftw firefox flac fontconfig fortran ftp gdbm geolocation gif gimp git glamor gnome gnome-keyring gold gphoto2 gpm graphite graphviz gstreamer gtk gtk2 gudev hddtemp hwdb iconv icu imagemagick imap introspection ipv6 jpeg kde kipi kpathsea kwallet lcms ldap legacy-systray libnotify lldb lm_sensors lto mad mercurial mikmod mng mod modules mozdevelop moznocompose moznoirc moznomail mozsvg mp3 mp4 mpeg mplayer mtp multilib ncurses networkmanager nls nogcj nptl nsplugin ogg oggvorbis openal opencl openexr opengl openmp pam pango pch pcre pdf perl phonon plasma png policykit ppds pulseaudio python qml qt3support qt4 qt5 readline resolvconf samba scanner sdl seccomp semantic-desktop session sift spell sql sse3 sse4_1 ssl startup-notification subversion svg systemd tcpd theora threads tiff transcode truetype udev udisks unicode upnp upower usb v4l vim-syntax visualization vorbis wayland webkit widgets wlm wmf wxwidgets x264 xattr xcb xcomposite xinerama xml xmp xpm xscreensaver xv xvid zeroconf zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words 
flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="evdev" KERNEL="linux" L10N="en de" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en de" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby21" USERLAND="GNU" VIDEO_CARDS="nv nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Comment 1 Alexander Tsoy 2017-04-05 19:11:41 UTC
What's the name of your tun/tap interface? I prefer to give names to vpn interfaces like "tun_${some meaningful name}" so I had to change dynamic_order in resolvconf.conf:

$ grep dynamic_order /etc/resolvconf.conf
dynamic_order="${dynamic_order} tun_*"
Comment 2 Alon Bar-Lev (RETIRED) gentoo-dev 2017-04-08 16:58:24 UTC
You should define the metric in the route:
   --route network/IP [netmask] [gateway] [metric]

This will enable you to control the route metrics and also if prioritize will affect the DNS metrics.
Comment 3 Benjamin Schindler 2018-02-06 07:55:36 UTC
Hey, sorry for not getting back earlier. I did not receive notification about your answers here. 

I think I am getting to the bottom of this - resolvconf has two interfaces listed - eth0.dhcp and NetworkManager. The resolv.conf for eth0.dhcp just contained (changed IPs in the meantime) and the one from NetworkManager contained the correct order: 


And in addition, eth0.dhcp had a metric, NetworkManager didn't. So what I did is this in resolvconf.conf: 

interface_order="NetworkManager ${interface_order}"

I consider this to be a quite ugly hack, so my question is: where does eth0.dhcp come from? Is this systemd (I did not mention that I am using systemd) fighting against NetworkManager?
Comment 4 Alexander Tsoy 2018-02-07 02:17:00 UTC
(In reply to Benjamin Schindler from comment #3)
> I consider this to be a quite ugly hack, so my question is: where does
> eth0.dhcp come from? Is this systemd (I did not mention that I am using
> systemd) fighting against NetworkManager?
You probably have NetworkManager configured with dhcpcd. Try to disable resolv.conf hook: add "nohook resolv.conf" into /etc/dhcpcd.conf.
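Added example, not part of the bug thread: a POSIX shell check that reports whether the VPN-pushed resolvers come first in a resolv.conf, which is the condition the `interface_order` and `nohook resolv.conf` changes above are meant to restore. The function names and all addresses are assumptions made for illustration; the sample files are constructed.

```shell
# Added example. All addresses below are constructed sample values.

# Print the nameserver addresses from resolv.conf text on stdin, in file order.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# dns_order_status VPN_NS...   (resolv.conf text on stdin). Prints one of:
#   ok         every VPN resolver precedes every other resolver
#   shadowed   some other resolver is listed ahead of a VPN resolver, so
#              intranet names are asked of a server that cannot answer them
#   truncated  order is right, but a VPN resolver entry lies beyond the
#              first three nameserver lines, which is all glibc uses (MAXNS)
#   missing    a VPN resolver is not listed at all
dns_order_status() {
    nameservers | awk -v vpn="$*" '
        BEGIN { n = split(vpn, v, " "); for (i = 1; i <= n; i++) want[v[i]] = 1 }
        {
            if ($1 in want) {
                seen[$1] = 1
                if (other) shadowed = 1
                if (NR > 3) truncated = 1
            } else other = 1
        }
        END {
            for (a in want) if (!(a in seen)) { print "missing"; exit }
            if (shadowed) print "shadowed"
            else if (truncated) print "truncated"
            else print "ok"
        }'
}

# Constructed sample: home router listed ahead of the VPN resolvers.
sample_broken() {
    printf '# Generated by resolvconf\nnameserver 192.168.1.1\nnameserver 10.8.0.1\nnameserver 10.8.0.2\n'
}

# Constructed sample: VPN resolvers first, as on the working machine.
sample_fixed() {
    printf '# Generated by resolvconf\nnameserver 10.8.0.1\nnameserver 10.8.0.2\nnameserver 192.168.1.1\n'
}

sample_broken | dns_order_status 10.8.0.1 10.8.0.2   # shadowed
sample_fixed  | dns_order_status 10.8.0.1 10.8.0.2   # ok
```

On a live system, feed it the real file and the resolvers the VPN pushes, for example `dns_order_status 10.8.0.1 10.8.0.2 < /etc/resolv.conf`, after each configuration change.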
Comment 5 Alexander Tsoy 2018-02-07 02:24:19 UTC
Note that this is just my guess. I think that's where .dhcp suffix came from (/lib/dhcpcd/dhcpcd-run-hooks):

case "$reason" in