GNOME Bugzilla – Bug 765235
DNS leaks due to misconfigured /etc/resolv.conf
Last modified: 2016-04-19 16:09:11 UTC
When using NetworkManager with the OpenVPN plugin and connecting to a VPN that pushes DNS addresses, those addresses are _appended_ to the resolv.conf instead of replacing existing ones. The current behaviour can and will cause DNS leaks to occur, as soon as the DNS servers pushed by the VPN are not reachable (or even before that) and the resolver cycles to the local nameserver (http://man7.org/linux/man-pages/man5/resolv.conf.5.html) given by the ISP. I have even observed that the local nameserver is on the first line, causing DNS leaks to occur outright.

The default behavior should be to prevent DNS leaks and only to use the DNS nameservers explicitly pushed by the VPN.

I think in my case NetworkManager collects the configured nameservers in the order that the connections were established -- i.e. first the nameserver of my ethernet (local) and then the nameservers pushed by the VPN -- and then writes them to /etc/resolv.conf.

Current workarounds include manually specifying the set of DNS servers provided by the VPN for the ethernet connection and the VPN, or simply not using NetworkManager, instead relying on openvpn + update-resolv-conf directly (which works).
To elaborate a bit: I am running Arch Linux, and the installed NetworkManager version is: extra/networkmanager 1.0.12-1. I am using the KDE Plasma desktop and the extra/nm-connection-editor 1.0.10-1 to additionally configure the VPNs.
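As an added illustration (not code from the report or from NetworkManager), the check below parses a resolv.conf in the state the reporter describes and classifies it the way the report reasons: a non-VPN server on the first line leaks outright, a non-VPN server further down leaks once the VPN servers fail. The sample file, the VPN-pushed addresses and the function names are constructed; the MAXNS limit and `options rotate` behaviour come from resolv.conf(5).

```python
"""Check /etc/resolv.conf for the leak pattern in the report.

glibc's resolver tries nameserver entries in file order, moves to the next
one when a server fails (or round-robins with 'options rotate'), and uses at
most MAXNS = 3 entries, so any non-VPN server among the first three can
receive queries meant for the tunnel.
"""

MAXNS = 3  # resolv.conf(5): only the first three nameserver lines are used

# Constructed sample mirroring the report: NetworkManager wrote the local
# ISP/router resolver first and appended the two VPN-pushed servers.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 192.168.1.1
nameserver 10.8.0.1
nameserver 10.8.0.2
"""
VPN_PUSHED = ["10.8.0.1", "10.8.0.2"]  # constructed: addresses the VPN pushed


def parse_resolv_conf(text):
    """Return (nameservers, options) from resolv.conf text, skipping comments."""
    nameservers, options = [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split(None, 1)
        if not parts:
            continue
        fields = parts[1].split() if len(parts) > 1 else []
        if parts[0] == "nameserver" and fields:
            nameservers.append(fields[0])
        elif parts[0] == "options":
            options.update(fields)
    return nameservers, options


def classify_leak(text, vpn_nameservers):
    """'ok', 'leak' (first query already leaves the VPN) or 'leak-on-fallback'
    (a non-VPN server is tried only after the VPN servers fail)."""
    nameservers, options = parse_resolv_conf(text)
    active = nameservers[:MAXNS]
    if not active:
        return "leak"  # no entries: glibc falls back to the local host's resolver
    if all(ns in vpn_nameservers for ns in active):
        return "ok"
    if active[0] not in vpn_nameservers or "rotate" in options:
        return "leak"
    return "leak-on-fallback"
```

Run against the sample, `classify_leak` reports `leak` because the local 192.168.1.1 is first; the same file with only the two VPN servers reports `ok`, which is the state the reporter's workaround produces.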
Isn't this a duplicate of bug 758772?
Seems like it; I had assumed this to be completely unknown, since it is imho a critical security issue.
*** This bug has been marked as a duplicate of bug 758772 ***