[SOLVED] DNS resolves to public IPs instead of private IPs on VPN

Post by lafritz65 » Thu Aug 29, 2019 5:16 pm

About a month and a half ago I created a 64-bit Linux Mint 19.1 VM (running MATE in case it matters) in VirtualBox, which runs on a Windows 10 laptop, to connect to my company's datacenter VPN. After logging into the VM, I connect to the VPN, and then from the terminal I regularly ssh to a number of Linux servers using the FQDN to do my work. Until this week everything worked fine. Now, starting a few days ago, my DNS resolution has been switching from the internal private IP addresses for these servers to the public IP addresses used for web access. Since ssh is blocked on the public IPs, this results in a connection denied error when I try to log in over ssh. But it is not consistent. Sometimes it resolves to the private address and a few hours later the same domain resolves to the public address. Sometimes the next day it starts over. However, it seems to be more consistently resolving to the public addresses with each passing day.

I have searched the forums and the web at large for solutions. I tried a few things, which didn't work, and each time I reverted back to the default configuration for systemd-resolved, so I'm back where I started. As I've been able to understand it based on the research I have done, I need to configure my VM to consistently resolve the server names to the private addresses using the internal nameserver when I'm on the VPN, which I presume is possible. I saw 1 or 2 (old) posts on the web at large that seemed to address similar problems but I did not fully understand the resolution, so it didn't help me. I also found a post with instructions to configure manual control of /etc/resolv.conf, but it seems to be an extreme measure that I will only consider if nothing else works.

ll /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Aug 29 15:56 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf

cat /etc/resolv.conf
<comment skipped>
options edns0

sudo systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-08-29 15:58:13 CDT; 4min 46s ago
     Docs: man:systemd-resolved.service(8)
 Main PID: 395 (systemd-resolve)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/systemd-resolved.service
           └─395 /lib/systemd/systemd-resolved

Aug 29 15:58:13 <myhost> systemd[1]: Starting Network Name Resolution...
Aug 29 15:58:13 <myhost> systemd-resolved[395]: Positive Trust Anchors:
Aug 29 15:58:13 <myhost> systemd-resolved[395]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Aug 29 15:58:13 <myhost> systemd-resolved[395]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Aug 29 15:58:13 <myhost> systemd-resolved[395]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arp
Aug 29 15:58:13 <myhost> systemd-resolved[395]: Using system hostname '<myhost>'.
Aug 29 15:58:13 <myhost> systemd[1]: Started Network Name Resolution.
Aug 29 15:58:15 <myhost> systemd-resolved[395]: Using degraded feature set (UDP) for DNS server

Any suggestions would be greatly appreciated.
Last edited by lafritz65 on Thu Sep 05, 2019 12:09 pm, edited 1 time in total.

[SOLVED] Re: DNS resolves to public IPs instead of private IPs on VPN

Post by lafritz65 » Wed Sep 04, 2019 6:47 pm

Seeing as there have been no responses to my query, I continued to try numerous recommendations I found outside this forum. Nothing worked until I followed the instructions here to disable systemd-resolved, after finding several posts that recommended it:

https://www.unixgr.com/disabling-system ... u-systems/

After following the steps documented, and then reconnecting to the VPN, nslookup finally resolves the domain names to the internal addresses again instead of the external addresses and does so consistently. Therefore, I am noting this for future reference and will not be using systemd-resolved ever again.

Posting my solution in case anyone else has the same problem and needs a resolution.
Last edited by lafritz65 on Wed Sep 04, 2019 6:54 pm, edited 2 times in total.
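
A way to check for the symptom described in this thread, as an added example that is not part of the original posts: it resolves each hostname through getaddrinfo (the path ssh uses, whereas nslookup queries the servers in /etc/resolv.conf directly) and flags any answer outside internal address space. It assumes the internal servers use RFC 1918 or IPv6 ULA addresses; the function names are hypothetical.

```python
import ipaddress
import socket
import sys

# Assumption: internal servers live in RFC 1918 space (or IPv6 ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
STUB_ADDR = "127.0.0.53"  # systemd-resolved's local stub listener


def nameservers(resolv_conf_text):
    """Return the nameserver entries from resolv.conf-style text."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def is_internal(address):
    ip = ipaddress.ip_address(address.split("%", 1)[0])  # drop IPv6 scope id
    return any(ip in net for net in INTERNAL_NETS)


def system_resolve(fqdn):
    """Resolve through getaddrinfo, the same path ssh uses."""
    return sorted({info[4][0] for info in socket.getaddrinfo(fqdn, None)})


def check_hosts(fqdns, resolve=system_resolve):
    """Map each name to (status, addresses); LEAK means a non-internal answer."""
    report = {}
    for name in fqdns:
        try:
            addrs = resolve(name)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            report[name] = ("ERROR", [str(exc)])
            continue
        external = [a for a in addrs if not is_internal(a)]
        report[name] = ("LEAK", external) if external else ("OK", addrs)
    return report


if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        servers = nameservers(fh.read())
    print("nameservers:", servers, "(systemd-resolved stub)" if STUB_ADDR in servers else "")
    results = check_hosts(sys.argv[1:])
    for name, (status, addrs) in results.items():
        print(f"{status:5} {name} {' '.join(addrs)}")
    sys.exit(1 if any(s != "OK" for s, _ in results.values()) else 0)
```

Run it with the server FQDNs as arguments after connecting to the VPN; a non-zero exit status means at least one name failed to resolve or resolved to an address outside the internal ranges.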
