SSSD internal DNS resolver is broken when using Cisco Anyconnect VPN client (inotify issue)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
sssd | New | Unknown | |
sssd (Ubuntu) | Incomplete | Undecided | Unassigned |
Bug Description
Hi everyone,
I am facing an issue with the SSSD internal DNS resolver (I was able to reproduce this issue with SSSD version 2.2.3 coming with Ubuntu 20.04 and version 1.16.1 coming with Ubuntu 18.04) when I am using the Cisco Anyconnect VPN client.
SSSD is not detecting the new DNS servers set up by the Cisco Anyconnect client and keeps using the previous ones.
DNS is managed with systemd-resolved and the /etc/resolv.conf file is a symlink to /run/systemd/
When the Cisco Anyconnect client connects to the VPN, the /etc/resolv.conf symlink is renamed to /etc/resolv.
When the Cisco Anyconnect client disconnects from the VPN, the /etc/resolv.
I have checked this with inotifywait (I only kept interesting parts):
/etc/ MOVED_FROM resolv.conf
/etc/ MOVED_TO resolv.
/etc/ CREATE resolv.conf
/etc/ OPEN resolv.conf
/etc/ ATTRIB resolv.conf
/etc/ MODIFY resolv.conf
/etc/ CLOSE_WRITE,CLOSE resolv.conf
...
/etc/ MOVED_FROM resolv.
/etc/ MOVED_TO resolv.conf
I can work around this issue by changing the way SSSD detects DNS changes (stop using inotify and poll the /etc/resolv.conf file every 5 seconds) with the option try_inotify set to false, but I guess this can impact performance (even though I don't think this should be a big impact).
The SSSD team told me that my issue is the same issue as this one: https:/
Newer SSSD versions have already been fixed.
Will it be possible to backport these patches:
- https:/
- https:/
Thanks for your help :)
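To make the failure mode concrete, here is an added example (it is neither SSSD's code nor the reporter's): a C program that replays the rename-aside / create / rename-back cycle from the inotifywait capture above inside a scratch directory, with a regular file standing in for the /etc/resolv.conf symlink, a made-up `.vpnbak` suffix for the parked original, and made-up nameserver lines. It counts what a watch placed on the file path itself sees versus a watch on the parent directory filtered by the name resolv.conf, which is the style of watch that survives the replacement.

```c
/* Added example, not SSSD or reporter code: a per-file inotify watch on resolv.conf
 * never observes the replacement file, while a watch on the parent directory
 * filtered by file name records every step of the rename/create/rename cycle. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/inotify.h>
#include <unistd.h>
char *mkdtemp(char *);   /* explicit prototype in case strict -std hides it */
#define NAME "resolv.conf"
struct watch_report { int ok, per_file_modify, by_name_events; };
static void write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd >= 0) { ssize_t w = write(fd, text, strlen(text)); (void)w; close(fd); }
}
/* Drain queued events: MODIFY on the per-file watch; CREATE/MOVED_FROM/MOVED_TO naming NAME on the dir watch. */
static void drain(int fd, int wd_file, int wd_dir, struct watch_report *r) {
    char buf[4096] __attribute__((aligned(8))); ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0)      /* IN_NONBLOCK: ends when the queue is empty */
        for (char *p = buf; p < buf + n;) {
            struct inotify_event *ev = (struct inotify_event *)p;
            if (ev->wd == wd_file && (ev->mask & IN_MODIFY)) r->per_file_modify++;
            if (ev->wd == wd_dir && ev->len && !strcmp(ev->name, NAME) &&
                (ev->mask & (IN_CREATE | IN_MOVED_FROM | IN_MOVED_TO))) r->by_name_events++;
            p += sizeof *ev + ev->len;
        }
}
/* Set up both watch styles in a scratch dir (regular file in place of the symlink), replay the cycle, clean up. */
struct watch_report run_demo(void) {
    struct watch_report r = {0, 0, 0};
    char dir[] = "/tmp/resolvwatchXXXXXX", a[256], b[256];
    if (!mkdtemp(dir)) return r;
    strcpy(a, dir); strcat(a, "/" NAME);           /* the path SSSD would watch */
    strcpy(b, dir); strcat(b, "/" NAME ".vpnbak"); /* constructed: where the client parks the original */
    write_file(a, "nameserver 127.0.0.53\n");      /* constructed stub-resolver content */
    int fd = inotify_init1(IN_NONBLOCK);
    int wd_file = inotify_add_watch(fd, a, IN_MODIFY | IN_MOVE_SELF);
    int wd_dir = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_FROM | IN_MOVED_TO);
    if (fd >= 0 && wd_file >= 0 && wd_dir >= 0) {
        rename(a, b);                               /* MOVED_FROM resolv.conf, MOVED_TO resolv.conf.vpnbak */
        write_file(a, "nameserver 10.0.0.53\n");    /* CREATE + MODIFY + CLOSE_WRITE, but on a new inode */
        rename(b, a);                               /* MOVED_FROM resolv.conf.vpnbak, MOVED_TO resolv.conf */
        drain(fd, wd_file, wd_dir, &r);
        r.ok = 1;
    }
    if (fd >= 0) close(fd); unlink(a); unlink(b); rmdir(dir);
    return r;
}
```

The per-file watch reports zero modifications because the new resolv.conf is a different inode, whereas the directory watch sees three name-level events (MOVED_FROM, CREATE, MOVED_TO) and can trigger a re-read each time.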
summary: SSSD internal DNS resolver is broken when using Cisco Anyconnect VPN - client + client (inotify issue)
Changed in sssd: status: Unknown → New
Status changed to 'Confirmed' because the bug affects multiple users.