Note: My question is not how to stop nm updating /etc/resolv.conf. Not how to make openconnect work. Instead I just want to understand some details about resolv.conf configuring in ubuntu. Why there are two ways to configure it (/etc/resolv.conf is symlink to /run/resolvconf/resolv.conf or /var/run/NetworkManager/resolv.conf), why I get different configurations and why sometimes I have running DNS server on 127.0.1.1 and sometimes I do not.
I'm using xubuntu version 17.04. And I need to connect to pulse secure (5.3r1 now) VPN. Previously this VPN product was named Junos Pulse by the Juniper Networks. Now I have several options to connect to this VPN:
- Pulse Secure 5.3r1 - which is provided by our service provider. And contains 32bit GUI that requires a lot of 32bit libraries.
- Use openconnect --juniper
- Create VPN connection through the Network Manager (Juniper/Pulse Network Connect type). Juniper support was added into Network Manager recently and is provided by the network-manager-openconnect-gnome package.
But I have some troubles with DNS configuring during connecting to VPN. I didn't change anything and seems that now systemd-resolve is used. According to systemd-resolve documentation it manages /etc/resolv.conf as a link to /run/resolvconf/resolv.conf file and that file should contain "nameserver 127.0.0.53". New nameservers and default domain names can be added to this file and in that case all nameservers are used. In that case everything works.
But after reboot sometimes I see that /etc/resolv.conf points to /var/run/NetworkManager/resolv.conf and contains lines "# Generated by NetworkManager" and "nameserver 127.0.1.1". In that case name resolution for my VPN doesn't work.
So the question is what is 127.0.1.1 DNS server, why I have two DNS servers instead of one. Actually I don't need local DNS server at all, but anyway. Why /etc/resolv.conf link is set to /var/run/NetworkManager/resolv.conf by the Network Manager.
I just checked netstat -utlp:
Proto Local Address Program name
tcp 0.0.0.0:5355 (hostmon) systemd-resolved
udp 127.0.0.53:53(domain) systemd-resolved
udp 0.0.0.0:5353 (mdns) chrome
udp 0.0.0.0:5353 (mdns) avahi-daemon
udp 0.0.0.0:5355 (hostmon) systemd-resolved
I checked systemd-resolve --status:
Global
DNS Servers: 127.0.1.1
...
I checked network config /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=false
And I don't have dnsmasq installed.
PS: seems that Network Manager installs that link on behalf of resolvconf. Need to check. But still don't understand why it is so if systemd-resolve is installed. Why systemd-resolve is not used for that.
PSS: Just found there are two separate services in ubuntu: resolvconf.service (from resolvconf package) described in /lib/systemd/system/resolvconf.service. And systemd-resolved.service (from systemd package) described in /lib/systemd/system/systemd-resolved.service. Quick googling didn't give me an answer why there are two services that do the same job and are part of core ubuntu and can't be even uninstalled.
