cancel
Showing results for 
Search instead for 
Did you mean: 

Ubuntu 18.04 DNS Issue after connecting to Pulse Secure

sandeep.sanash@gmail.com
Occasional Visitor

Ubuntu 18.04 DNS Issue after connecting to Pulse Secure

Hi, 

 

I am struggling since couple of days to make it work by following every information available online but couldn't make it. So decided to ask here. 

 

I am running Ubuntu 18.04 LTS on my Dell laptop. Able to connect to internet. But when i connect to vpn using Pulse Secure client the dns resolution stops working for vpn resources using name. However internet works. 

Nslookup, dig all works. IP works but not fqdn. It says - 


This site can’t be reached ins.example.com’s server IP address could not be found.
DNS_PROBE_FINISHED_NXDOMAIN

 

Here is some of the details before connecting to vpn - 

[email protected]:~$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 2409:4042:208e:3b8d:d89f:c1ff:fe79:484e

 

[email protected]:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 20100 0 0 enxfcde56ff0106
0.0.0.0 192.168.1.1 0.0.0.0 UG 20600 0 0 wlp4s0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlp4s0
192.168.0.0 0.0.0.0 255.255.0.0 U 100 0 0 enxfcde56ff0106
192.168.0.0 0.0.0.0 255.255.0.0 U 600 0 0 wlp4s0
192.168.1.1 0.0.0.0 255.255.255.255 UH 1 0 0 wlp4s0

 

[email protected]:~$ systemd-resolve --status
Global
DNS Servers: 8.8.8.8
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test

Link 8 (enxfcde56ff0106)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

Link 3 (wlp4s0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

Link 2 (enp3s0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no


[email protected]:~$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat systemd
group: compat systemd
shadow: compat
gshadow: files

#hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname
hosts: files mdns4_minimal [NOTFOUND=return] myhostname
# Use /etc/resolv.conf first, then fall back to systemd-resolved
hosts: files dns resolve myhostname
# Use systemd-resolved first, then fall back to /etc/resolv.conf
hosts: files resolve dns myhostname
# Don't use /etc/resolv.conf at all
hosts: files resolve myhostname
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

 

After connecting to vpn - 

[email protected]:~$ systemd-resolve --status
Global
DNS Servers: 8.8.8.8
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test

Link 9 (tun0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

Link 8 (enxfcde56ff0106)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

Link 3 (wlp4s0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

Link 2 (enp3s0)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no

 

[email protected]:~$ cat /etc/resolv.conf
search example.com example-corp.com
nameserver 10.82.150.113
nameserver 91.240.57.125

 

[email protected]:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 enxfcde56ff0106
0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wlp4s0
10.0.0.0 10.186.1.53 255.0.0.0 UG 1 0 0 tun0
10.80.1.1 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
10.145.0.0 10.186.1.53 255.255.240.0 UG 1 0 0 tun0
10.151.0.41 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
10.153.0.0 10.186.1.53 255.255.0.0 UG 1 0 0 tun0
10.153.0.193 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
10.200.0.0 10.186.1.53 255.255.0.0 UG 1 0 0 tun0
35.195.110.154 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
40.113.93.91 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
50.0.0.0 10.186.1.53 255.0.0.0 UG 1 0 0 tun0
52.19.126.201 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
57.5.64.0 10.186.1.53 255.255.255.0 UG 1 0 0 tun0
57.56.79.0 10.186.1.53 255.255.255.0 UG 1 0 0 tun0
81.45.9.212 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
81.45.11.200 192.168.1.1 255.255.255.255 UGH 1 0 0 enxfcde56ff0106
91.240.56.1 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.2 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.3 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.8 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.9 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.15 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.20 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.21 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.22 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.23 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.56.30 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.57.2 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.57.20 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.57.50 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
91.240.57.165 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
100.0.0.0 10.186.1.53 255.0.0.0 UG 1 0 0 tun0
101.0.0.0 10.186.1.53 255.0.0.0 UG 1 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlp4s0
172.16.0.0 10.186.1.53 255.240.0.0 UG 1 0 0 tun0
172.24.1.1 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
192.11.13.0 10.186.1.53 255.255.255.0 UG 1 0 0 tun0
192.168.0.0 10.186.1.53 255.255.0.0 UG 1 0 0 tun0
192.168.0.0 0.0.0.0 255.255.0.0 U 100 0 0 enxfcde56ff0106
192.168.0.0 0.0.0.0 255.255.0.0 U 600 0 0 wlp4s0
192.168.1.1 0.0.0.0 255.255.255.255 UH 1 0 0 wlp4s0
192.168.106.0 10.186.1.53 255.255.255.0 UG 1 0 0 tun0
192.168.156.54 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
192.168.156.55 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
193.57.233.87 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
193.57.233.90 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
193.57.236.225 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
193.57.252.27 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0
194.76.166.180 10.186.1.53 255.255.255.255 UGH 1 0 0 tun0

 

This happens only with PulseSecure client. If I connect to another vpn using openvpn client it works without any issue. I tried playing with options like unbound, systemd-resolve.service and resolvconf.service but none them worked for me.