Not using the DNS servers after period of time #53

Closed
GM12Tick opened this issue Oct 15, 2018 · 11 comments

@GM12Tick

Hi,

I'm getting DHCP-Options that push DNS servers, domain search and specific routes.
After some period of time connected to the VPN, my DNS queries stop going through my DNS server.

When doing systemd-resolve --status I still see the DNS server in the interface, but for some reason this DNS server is not used for the queries...

Any ideas?

The problematic domain is "gmistick.internal", is that a problem?

@GM12Tick
Author

:\

@jonathanio
Owner

@gmistick,

You say that the server is in the list, but what about the route for the domain name? Using a tool such as dig, can you query the name-server over the link successfully too after this happens?

@GM12Tick
Author

GM12Tick commented Oct 22, 2018

I see the route exists and that I can access all servers in the VPN by IP; I just can't access them by DNS. (The DNS server is within the VPN and I'm able to access it, just the resolving is failing.)

I'm able to ping the DNS server by IP when I have this issue.
Maybe this happens due to the computer going into sleep / idle? But when it returns I don't see it reconnect to the VPN, so I assume it should be OK.

Link 14 (tun0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 10.128.0.20
             8.8.8.8
DNS Domain: gmistick.internal
            ~.

Link 12 (enx1065309061cc)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 8.8.8.8
DNS Domain: 8.8.4.4

@GM12Tick
Author

GM12Tick commented Oct 22, 2018 via email

@GM12Tick
Author

:\ Any idea?
How would you recommend investigating this?

@GM12Tick
Author

GM12Tick commented Nov 1, 2018

Update: if I run the following command: systemd-resolve -i tun0 --set-dns 10.128.0.20 then I get DNS working back again (obviously...)

I think this happens because the network goes through changes but OpenVPN does not restart, so no down-up process happens.

@jonathanio
Owner

Apologies. I'm busy with client work right now, so time is limited.

Thank you for continuing to look at it, and it is interesting that systemd-resolved.service seems to lose the listing of, and routes for, DNS servers during network changes. Ultimately this feels therefore like a regression issue within the resolve component of systemd. I have had a brief search through the open issues and cannot see anything specific. It, therefore, might be worth opening up an issue with that repository. I don't understand the reason for flushing all configuration as well as the caches on network changes.

@zachliu

zachliu commented Dec 7, 2018

I've been experiencing a similar issue. When I do sudo openvpn --config myconf.conf (openvpn 2.4.4) with the following myconf.conf file:

client
tls-client
dev tun
proto udp
remote ovpn.xxx.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /home/user/openvpn/ca.crt
cert /home/user/openvpn/openvpn.crt
key /home/user/openvpn/openvpn.key
remote-cert-tls server
tls-auth /home/user/openvpn/ta.key 1
comp-lzo
verb 3
inactive 3600
script-security 2
dhcp-option DOMAIN-ROUTE .
auth-nocache
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved

Everything seems fine. I see

<14>Dec  7 12:14:59 update-systemd-resolved: Link 'tun0' coming up
<14>Dec  7 12:14:59 update-systemd-resolved: Adding DNS Routed Domain .
<14>Dec  7 12:14:59 update-systemd-resolved: Adding IPv4 DNS Server xxx.xxx.xxx.xxx
<14>Dec  7 12:14:59 update-systemd-resolved: Adding IPv4 DNS Server xxx.xxx.xxx.xxx
<14>Dec  7 12:14:59 update-systemd-resolved: SetLinkDNS(24 2 2 4 10 99 0 2 2 4 208 67 220 220)
<14>Dec  7 12:14:59 update-systemd-resolved: SetLinkDomains(24 1 . true)

in the log. But after a while, DNS is lost. I'm using openvpn to access my AWS resources. So if I dig, I no longer see the private IP address but the public IP address of my database.

This usually happens when [server] Inactivity timeout (--ping-restart), restarting. Interestingly during the restarting, update-systemd-resolved is not executed. There is no Adding DNS ... in the restarting logs.

@jonathanio
Owner

Looking at the documentation, it looks like the up-restart command is what is required here:

Normally the up script is called after the TUN/TAP device is opened. In this context, the last command line parameter passed to the script will be init. If the --up-restart option is also used, the up script will be called for restarts as well. A restart is considered to be a partial reinitialization of OpenVPN where the TUN/TAP instance is preserved (the --persist-tun option will enable such preservation). A restart can be generated by a SIGUSR1 signal, a --ping-restart timeout, or a connection reset when the TCP protocol is enabled with the --proto option. If a restart occurs, and --up-restart has been specified, the up script will be called with restart as the last parameter.

I'll update the documentation and configuration to make this clearer.
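
Added example, not part of the original thread or of the project's code: a small check for the condition described in the comment above, where a config registers an up script but omits up-restart, so a restart that preserves the tun device never re-runs the DNS hook. The function names and finding codes are hypothetical; the "before" sample is trimmed from the config posted earlier in this thread.

```python
# Trimmed from the config posted earlier in this thread (hooks without up-restart).
CONFIG_BEFORE = """\
client
dev tun
persist-tun
inactive 3600
script-security 2
dhcp-option DOMAIN-ROUTE .
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
"""

# The same config with up-restart added.
CONFIG_AFTER = CONFIG_BEFORE + "up-restart\n"


def parse_directives(text):
    """Map each directive name to the argument list of its last occurrence."""
    directives, in_inline_block = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("</"):
            in_inline_block = False
        elif line.startswith("<"):
            in_inline_block = True  # inline <ca>/<cert>/<key> material, not directives
        elif not in_inline_block:
            name, *args = line.split()
            directives[name.lstrip("-")] = args
    return directives


def restart_hook_findings(text):
    """Return finding codes (hypothetical names) for hooks a restart would skip."""
    d = parse_directives(text)
    if "up" not in d:
        return ["no-up-script"]
    findings = []
    level = (d.get("script-security") or ["1"])[0]  # OpenVPN defaults to level 1
    if not level.isdigit() or int(level) < 2:
        findings.append("script-security-below-2")  # user scripts are not run
    if "up-restart" not in d:
        # SIGUSR1, a --ping-restart timeout or a TCP reset will not re-run "up".
        findings.append("persist-tun-without-up-restart" if "persist-tun" in d
                        else "up-restart-missing")
    return findings
```
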

@jonathanio
Owner

I've updated the documentation and the default settings in the common configuration file. I've also updated the output of the AUR handler too. I'll now close this issue.

@vaskokj

vaskokj commented Jan 9, 2020

I seem to be having this issue as well. I have made the up-restart change but it still does it...

For example, I'll connect, it will work fine for some period of time, I'll start downloading an image file off a server on the VPN, and then all of a sudden DNS resolution stops working.

This is what I added to my ovpn config file.

script-security 2
up /etc/openvpn/update-systemd-resolved
up-restart
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .
