Sometimes, I have to use OpenConnect to connect into some VPNs (so much less nasty than the Cisco AnyConnect client for Linux which insists on running a daemon in the background). Ubuntu 16.10 has it as a package I installed, and it connects fine.

What goes screwy is DNS resolution...

Sometimes, for no obvious reason, I can resolve internal hostnames that resolve to destinations reached by the host using things like the "host" command...

... but if I try to reach that same host via SSH using its hostname, it will say it can't resolve the host.

I don't understand how the host command could behave differently to a program requesting DNS resolution?

It had been a long time since I'd needed to fiddle with my resolv.conf, so I went to have a look, and was presented with some abhorrent mashup of dnsmasq, NetworkManager and/or systemd and other things seemingly dynamically configuring stuff, but with no obvious way to figure out what the current settings were or how to influence them (insert rant here about the increasingly opaque way services are being configured in Linux, with a decline in obvious CLI tools in lieu of monolith services that speak in tongues between themselves).

OpenConnect uses the vpnc-scripts package to configure routing and name services. The routing seems to work OK, but I can't for the life of me figure out why DNS resolution would randomly not work across all apps... particularly the fact that within the same connection I can have DNS work and then not work again.

Is dhclient perhaps overriding things when lease is up? Though that wouldn't explain why sometimes it fails off the bat.

Anyone else use OpenConnect? Have you had it behave weirdly? I mean, I could just go through I guess and strip back a lot of the "magic" that happens... but as with systemd, I feel as much as I'm not a fan of some of it, I'd be fighting the tide and therefore not keeping up my knowledge of frequently used system components.