On 28/07/2020 18:22, Michael Fischer wrote:
On Tue, Jul 28, Per Jessen wrote:
On 28/07/2020 17:48, Michael Fischer wrote:
For $WORK, I have to use a vpn which writes its own version of /etc/resolv.conf, but as of 2 days ago, I'm on 15.2, which has the whole /var/run/netconfig/resolv.conf thing going on.
I'm noticing VERY frequent DNS failures in web browser contexts. I wonder if the browsers are flapping back and forth between what the vpn put in /etc/resolv.conf and what is in /var/run/netconfig/resolv.conf.
They are the same - resolv.conf is a symlink.
Not after the VPN software does `mv /etc/resolv.conf /etc/resolv.conf.fp-save` and then writes out its own one....
Hmmm. Yeah. Well, apps (ie. the resolver) are not aware of /var/run/netconfig/resolv.conf, they only work with /etc/resolv.conf, so no flapping.
Thoughts? Suggestions?
I think we are missing some information - what sort of "VERY frequent DNS failures" are you seeing ? Does the resolv.conf as installed by the VPN setup otherwise work? dig or host will help you verify.
It seems to work when I use dig(1) on something which just failed in the browser, and showed that the vpn's DNS server was used to get the answer. However, I've no idea if FF is using the path to get the resolver.
FF uses the resolver by calling getaddrinfo() (unless it is setup for DNSoHTTPS) - dig talks directly to a nameserver. I guess the contents of /etc/resolv.conf are as expected? 'ping' will also use the standard resolver, you ought to see the same failure with ping.
FWIW, right now I'm also on 15.2, connected over vpn to our office - works just fine.
F5 vpn with an rpm to install an external app for a webapp tied to our AD servers for the auth? (which in general has worked reasonably well for over a year)
Just plain openvpn here, but I doubt if it matters a lot. Per -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org