systemd-resolved+VPN: 2nd DNS server ignored (L2TP)

0 votes
1 answer
1412 views
I'm connecting to a corporate VPN via network-manager-l2tp with a pre-shared key and user+pass. I'm getting a correct DNS server IP automatically, which resolves the company's URLs correctly. However, public internet isn't resolved (I tested with www.google.com all the time), but this depends on the perspective: I can't get systemd-resolved to resolve from 2 DNS servers at the same time (1.1.1.1 and the corporate DNS). It's strictly either/or and I've tried a lot of different configs...

**Question: How do I configure systemd-resolved to use both a corporate VPN's DNS and the regular DNS servers at the same time?**

I don't care if it's 'conditional forwarding' based on domain or using the 2nd DNS after the 1st fails. I couldn't get either approach to work. My guess is this has something to do with l2tp, but I can't find any solutions that apply to my case.

I use: NetworkManager 1.30.0, systemd-resolved (systemd 247.3) and openresolv (instead of the old resolvconf) on Pop OS. Both services are up and running.

resolv.conf -> /run/systemd/resolve/stub-resolv.conf

```
# This file is managed by man:systemd-resolved(8). Do not edit.
[...]

nameserver 127.0.0.53
options edns0 trust-ad
search fritz.box
```

/etc/systemd/resolved.conf

```
[Resolve]
FallbackDNS=1.1.1.1 corp.ip.add.ress
```

resolvectl status output after connecting to VPN

```
Global
           Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1 corp.ip.add.ress

Link 2 (enp6s0)
    Current Scopes: DNS
         Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.178.1
       DNS Servers: 192.168.178.1
        DNS Domain: fritz.box

Link 3 (ip_vti0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 23 (ppp0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: corp.ip.add.ress
       DNS Servers: 1.1.1.1 corp.ip.add.ress
```
I've tried a lot of different things, but what you see above is a good starting point to come up with a robust, final solution.
Asked by freeo (105 rep)
Aug 5, 2021, 04:54 PM
Last activity: Sep 22, 2021, 04:25 AM
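The `resolvectl status` dump above already explains the symptom: systemd-resolved routes a query to the link whose DNS domain matches the name, and with no match to every link flagged +DefaultRoute. Here only ppp0 is +DefaultRoute, so every public name goes to ppp0, and within one link resolved talks to a single "current" server and only moves to the next one when it fails, so 1.1.1.1 and the corporate server are never used side by side. The following is an added example, not code from the post or from systemd: a small model of that routing decision fed with a trimmed copy of the status output, so a proposed layout (a routing domain such as `~corp.example`, a placeholder, on the VPN link plus DefaultRoute on the LAN link) can be checked before touching the real configuration.

```python
# Added example (not from the post): model which link(s) systemd-resolved
# would send a query to, based on the resolvectl status shown above. STATUS is
# a constructed, trimmed copy of it; corp.ip.add.ress is the post's placeholder.
STATUS = """\
Link 2 (enp6s0)
         Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 192.168.178.1
        DNS Domain: fritz.box

Link 3 (ip_vti0)
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 23 (ppp0)
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 1.1.1.1 corp.ip.add.ress
"""

def parse_status(text):
    """Return {link: {"servers": [...], "domains": [...], "default": bool}}."""
    links, cur = {}, {}
    for line in text.splitlines():
        if line.startswith("Link "):
            name = line.split("(")[1].rstrip(")")
            cur = links[name] = {"servers": [], "domains": [], "default": False}
            continue
        key, _, val = line.strip().partition(": ")
        if key == "Protocols":
            cur["default"] = "+DefaultRoute" in val
        elif key == "DNS Servers":
            cur["servers"] = val.split()
        elif key == "DNS Domain":          # search and ~routing domains both route
            cur["domains"] = val.split()
    return links

def route_query(qname, links):
    """Links that get the query: longest matching domain wins; with no match,
    every link with +DefaultRoute (and at least one server). '~.' matches all."""
    qname = qname.rstrip(".").lower()
    best, best_len = [], -1
    for link, info in links.items():
        for dom in info["domains"]:
            d = dom.lstrip("~").rstrip(".").lower()
            if d == "" or qname == d or qname.endswith("." + d):
                if len(d) > best_len:
                    best, best_len = [link], len(d)
                elif len(d) == best_len:
                    best.append(link)
    if best:
        return sorted(best)
    return sorted(l for l, i in links.items() if i["default"] and i["servers"])
```

With the status as posted, `route_query("www.google.com", parse_status(STATUS))` yields only `ppp0`; giving ppp0 a `~corp.example` routing domain and enp6s0 +DefaultRoute sends public names to the LAN resolver and corporate names to the VPN.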