Bug #410
Updated by Tobias Brunner about 12 years ago
The formating of the entries in /etc/resolv.conf that are inserted by charon break dig and nslookup.
Example:
Server pushes 192.168.178.48 and 192.168.178.6 as dns resolvers to the VPN initiator.
This makes charon on the initiator side insert the following in /etc/resolv.conf:
<pre>
nameserver 192.168.178.48
nameserver #
nameserver by
nameserver strongSwan,
nameserver from
nameserver nfs-server
nameserver 192.168.178.6
</pre>
The strings in between the IPs break dig and nslookup.
"dig" says the following when you try to resolve any domain name:
<pre>
$ dig google.de
dig: parse of /etc/resolv.conf failed
</pre>
"nslookup" says something similiar:
<pre>
$ nslookup google.de
nslookup: parse of /etc/resolv.conf failed
</pre>
How to Fix:
Remove the strings in between the IPs
Example:
proper content of /etc/resolv.conf:
<pre>
nameserver 192.168.178.48
nameserver 192.168.178.6
$ dig google.de
dig google.de
; <<>> DiG 9.9.2-P2 <<>> google.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28180
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 4, ADDITIONAL: 5
<Here more proper output>
nslookup google.de
Server: 192.168.178.48
Address: 192.168.178.48#53
Non-authoritative answer:
Name: google.de
Address: 109.193.193.45
<more proper output>
</pre>
Example:
Server pushes 192.168.178.48 and 192.168.178.6 as dns resolvers to the VPN initiator.
This makes charon on the initiator side insert the following in /etc/resolv.conf:
<pre>
nameserver 192.168.178.48
nameserver #
nameserver by
nameserver strongSwan,
nameserver from
nameserver nfs-server
nameserver 192.168.178.6
</pre>
The strings in between the IPs break dig and nslookup.
"dig" says the following when you try to resolve any domain name:
<pre>
$ dig google.de
dig: parse of /etc/resolv.conf failed
</pre>
"nslookup" says something similiar:
<pre>
$ nslookup google.de
nslookup: parse of /etc/resolv.conf failed
</pre>
How to Fix:
Remove the strings in between the IPs
Example:
proper content of /etc/resolv.conf:
<pre>
nameserver 192.168.178.48
nameserver 192.168.178.6
$ dig google.de
dig google.de
; <<>> DiG 9.9.2-P2 <<>> google.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28180
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 4, ADDITIONAL: 5
<Here more proper output>
nslookup google.de
Server: 192.168.178.48
Address: 192.168.178.48#53
Non-authoritative answer:
Name: google.de
Address: 109.193.193.45
<more proper output>
</pre>