i have a device in my private network, let's call it "webserver". when i am directly connected to my private network at home then i can reach that server by using its host name, like http://webserver:1337.
however if i connect to that network from a different network through VPN, like from work or from the library, my browser (firefox and chrome) can not resolve that hostname (both just using the system network configuration).
if i run
dig webserver +short
i, don't get back an ip address. other hostnames however, like fritz.box (which is my router) do return the correct IP address.
dig fritz.box +short
192.168.178.1
so that makes me think that my VPN and DNS configurations are wrong and that i need to change them, because if i specifically ask my DNS server inside the VPN network, for that hostname, i actually get back the correct IP
> watch dig webserver @192.168.178.1 +short
192.168.178.46
in my VPN configuration the DNS server address is set to automatic so i assumed it would just retrieve the correct IP which looks like it should have worked, when i run
> systemd-resolve --status
[...]
Link 5 (tun0)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 192.168.178.1
DNS Servers: 192.168.178.1
DNS Domain: ~.
Link 3 (wlp3s0)
Current Scopes: none
DefaultRoute setting: no
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
my local /etc/resolv.conf also doesn't show any special configurations:
nameserver 127.0.0.53
options edns0
an if i run ip r i can also see that the route to the subnet with the nameserver, looks like it's setup correctly:
default dev tun0 proto static scope link metric 50
default via 192.168.0.1 dev wlp3s0 proto dhcp metric 600
169.254.0.0/16 dev wlp3s0 scope link metric 1000
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.236 metric 600
192.168.0.1 dev wlp3s0 proto static scope link metric 600
192.168.178.0/24 dev tun0 proto kernel scope link src 192.168.178.201 metric 50
This is my VPN config file from /etc/NetworkManager/system-connections/
[connection]
id=**redacted**
uuid=**redacted**
type=vpn
autoconnect=false
permissions=user:**redacted**:;
timestamp=1604833427
[vpn]
IKE DH Group=dh2
IPSec ID=redacted
IPSec gateway=redacted
IPSec secret-flags=1
Local Port=0
NAT Traversal Mode=natt
Perfect Forward Secrecy=server
Vendor=cisco
Xauth password-flags=1
Xauth username=redacted
ipsec-secret-type=save
xauth-password-type=save
service-type=org.freedesktop.NetworkManager.vpnc
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
[proxy]
ifconfig tun0 gives me:
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1412
inet 192.168.178.201 netmask 255.255.255.0 destination 192.168.178.201
inet6 **redacted** prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 3334 bytes 3091010 (3.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2980 bytes 635324 (635.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
My systemd-resolved logs look mostly like this:
Dez 08 15:35:52 **redacted** systemd-resolved[1040]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Dez 08 15:35:52 **redacted** systemd-resolved[1040]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
one noteworthy thing here is that /etc/resolv.conf points to /run/systemd/resolve/stub-resolv.conf, which contains
nameserver 127.0.0.53
options edns0
some people suggest to just let it point to /run/systemd/resolve/resolv.conf, which contains:
nameserver 192.168.178.1
which IS the correct nameserver. but this would bypass resolved and can't be the solution to the problem.
i'd appreciate getting some pointers on how to further troubleshoot this issue. thanks in advance!
