mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2026-01-03 11:40:18 +01:00
c447a4886d
This is actually trying *too* hard to prevent DNS leaks, breaking normal expected use of split DNS. Let systemd-resolved handle sending our DNS queries to the right place instead. It's true that NetworkManager is trying to emulate the behavior of wg-quick here, and wg-quick uses 'resolvconf -x' to attempt to set "exclusive" DNS. But with systemd-resolved this is implemented by setting a ~. routing domain for the Wireguard interface. That is a *really* big hammer already, since Domain=~. overrides +DefaultRoute, ensuring most DNS queries can only go to other interfaces with Domain=~. NetworkManager follows systemd-resolved's recommended convention by only applying Domain=~. to other "privacy VPNs" since 1.26.6. Setting DNS priority only prevents *domain-specific* "leaks", which are almost always desired. For example, it prevents using both the Wireguard VPN and a corporate VPN at the same time. Note that all of the justification behind !688 applies here as well. See-also: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/688 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/585 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/901 |
||
|---|---|---|
| .. | ||
| meson.build | ||
| nm-client-utils.c | ||
| nm-client-utils.h | ||
| nm-polkit-listener.c | ||
| nm-polkit-listener.h | ||
| nm-secret-agent-simple.c | ||
| nm-secret-agent-simple.h | ||
| nm-vpn-helpers.c | ||
| nm-vpn-helpers.h | ||
| qrcodegen.c | ||
| qrcodegen.h | ||