🟑 Medium   ⏱ 5–30 min  Last verified: 20 May 2026
Affected versions: Oracle Linux 10

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Internal domains resolve inconsistently over VPN, causing intermittent app and API connectivity failures.

Environment & Reproduction

Appears when multiple interfaces publish competing DNS servers without routing domain rules.

resolvectl status
getent hosts internal.example.com
nmcli dev show | grep -E 'IP4.DNS|IP4.DOMAIN'

Root Cause Analysis

Resolver sends internal queries to public DNS due to missing split-DNS routing configuration in connection profiles.

Quick Triage

Check active links and DNS server assignment.

ip link show
resolvectl dns
resolvectl domain

Step-by-Step Diagnosis

Inspect VPN profile DNS priorities and resolved logs.

nmcli con show '' | grep -E 'ipv4.dns|ipv4.dns-search|ipv4.ignore-auto-dns'
journalctl -u systemd-resolved -n 80 --no-pager
cat /etc/systemd/resolved.conf
Illustrative mockup for oracle-linux-10 β€” terminal_or_shell
Inspecting DNS routing domains and resolver status β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Define per-connection DNS and routing domains for internal namespaces.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo nmcli con mod '' ipv4.dns '10.0.0.53 10.0.0.54' ipv4.dns-search 'corp.example.com' ipv4.ignore-auto-dns yes
sudo nmcli con up ''
sudo systemctl restart systemd-resolved
Illustrative mockup for oracle-linux-10 β€” log_or_config
Applying split-DNS and connection-specific resolver settings β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Disable resolved stub listener and rely on NetworkManager-managed `/etc/resolv.conf` where policy requires it.

sudo sed -i 's/^#DNSStubListener=.*/DNSStubListener=no/' /etc/systemd/resolved.conf
sudo systemctl restart systemd-resolved

Verification & Acceptance Criteria

Internal and public domains resolve via intended servers consistently.

resolvectl query internal.example.com
resolvectl query redhat.com
getent hosts internal.example.com

Rollback Plan

Revert VPN DNS settings if business apps depend on previous resolver path.

sudo nmcli con reload
sudo nmcli con up ''

Prevention & Hardening

Standardize DNS routing policy in connection templates and enforce with CI checks.

nmcli connection export '' /var/tmp/vpn.nmconnection
resolvectl status

Related to MTU fragmentation on VPN tunnels and stale NSS cache behavior.

Related tutorial: View the step-by-step tutorial for oracle-linux-10.

View all oracle-linux-10 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

RHEL DNS, NetworkManager, and systemd-resolved split-DNS configuration guidance.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.