Prioritize VPN's DNS Server
Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?
I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google's DNS setup (those aren't strictly needed).
I've replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN's DNS server. Yesterday it was working fine because the VPN's DNS server was at the top of the list.
# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...
nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com
However, when I connected today the DNS entries were reordered.
# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...
nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com
The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).
systemd-resolve works just fine and can resolve the hosts using the proper DNS server.
$ systemd-resolve --status --no-pager
Global
DNSSEC NTA: ...
Link 10 (tun0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.1.53
DNS Domain: internal.example.com
Link 2 (eno1)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.0.1
8.8.8.8
8.8.4.4
192.168.1.53
DNS Domain: Home
$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113
-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no
ping, nslookup, and ssh all fail though.
$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com
Server: 192.168.0.1
Address: 192.168.0.1#53
** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known
A few notes.
- I connect to the VPN through Network Manager. I have the VPN's DNS manually specified on the VPN under: IPv4 > DNS Servers.
- I tried using a separate wired ethernet connection configured with the VPN's DNS under: IPv4 > Other DNS Servers.
18.04 network-manager systemd systemd-resolved
I'd like this solved ideally using Network Manager, but some system script is acceptable provided it's not crazy. I do not want to remove or replace Network Manager.
Bounty note: if something like dnsmasq running locally on my machine can solve this I'm open to suggestions.
– cpburnz yesterday
Do you use network manager to start your VPN? Because NM has options to set DNS servers.
– Robert Riedl yesterday
@RobertRiedl Yes, I use NM to connect to the VPN, I do have the DNS server manually specified on the VPN under "IPv4" > "DNS Servers".
– cpburnz yesterday
And that doesn't work? Sorry, I'm on mobile, I can't be of more help right now...
– Robert Riedl yesterday
@RobertRiedl No, it strangely doesn't.
– cpburnz yesterday
asked Feb 5 at 21:13 by cpburnz, edited yesterday
1 Answer
As you accept using dnsmasq, how about this:
- Point your resolv.conf to 127.0.0.1 (nameserver 127.0.0.1)
- Try this config on your dnsmasq:
server=/internal.example.com/192.168.1.53
server=8.8.8.8
This would use 192.168.1.53 for domain "internal.example.com" and 8.8.8.8 for everything else.
Take a look at "-S, --local, --server=" option on dnsmasq man page.
Update: You may also want to disable DHCP, so as to avoid conflicts with your local router. Maybe listening only on lo (127.0.0.1) interface.
– JucaPirama, answered yesterday
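An added example, not part of the question or the answer and not glibc or dnsmasq source: a simplified Python model of why the reordered resolv.conf in the question fails for internal names, and how a per-domain dnsmasq `server=` rule routes the same name. It assumes that only the VPN's DNS server knows names under internal.example.com (as the NXDOMAIN from 192.168.0.1 in the question suggests); all function names are hypothetical.

```python
import ipaddress

MAXNS = 3  # glibc reads at most three "nameserver" lines (resolv.conf(5))
HOST, ZONE, VPN_DNS = "srv1.internal.example.com", "internal.example.com", "192.168.1.53"

# The reordered /etc/resolv.conf from the question, comment lines dropped.
RESOLV_REORDERED = """\
nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 192.168.1.53
search Home internal.example.com
"""

# dnsmasq rules in the documented --server order: /domain/ first, then address.
DNSMASQ_CONF = """\
server=/internal.example.com/192.168.1.53
server=8.8.8.8
"""


def stub_servers(resolv_conf):
    """Return (used, ignored) nameservers for a stub limited to MAXNS entries."""
    fields = (line.split() for line in resolv_conf.splitlines())
    servers = [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]
    return servers[:MAXNS], servers[MAXNS:]


def stub_lookup(resolv_conf, name, zone, zone_dns, down=()):
    """In-order lookup model; assumes only zone_dns knows names under zone."""
    used, _ignored = stub_servers(resolv_conf)
    internal = name == zone or name.endswith("." + zone)
    for server in used:
        if server in down:
            continue  # timeout: move on to the next listed server
        if internal and server != zone_dns:
            return server, "NXDOMAIN"  # a final answer: later servers are not asked
        return server, "ANSWER"
    return None, "TIMEOUT"


def parse_dnsmasq_servers(conf):
    """Parse plain-IP server= lines into ({domain: address}, [default addresses])."""
    routed, default = {}, []
    for line in map(str.strip, conf.splitlines()):
        if not line.startswith("server="):
            continue
        *domains, addr = line[len("server="):].lstrip("/").split("/")
        ipaddress.ip_address(addr)  # ValueError if domain and address are swapped
        for domain in domains:
            routed[domain.lower()] = addr
        if not domains:
            default.append(addr)
    return routed, default


def dnsmasq_upstream(name, routed, default):
    """Choose the upstream for name: longest matching domain suffix, else default."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routed:
            return routed[suffix]
    return default[0] if default else None


if __name__ == "__main__":
    print(stub_lookup(RESOLV_REORDERED, HOST, ZONE, VPN_DNS))
    print(dnsmasq_upstream(HOST, *parse_dnsmasq_servers(DNSMASQ_CONF)))
```

With the reordered file the internal host name is sent to 192.168.0.1 rather than to the VPN's resolver, so internal names are disclosed outside the tunnel as well as failing to resolve; the per-domain rule keeps those queries on 192.168.1.53.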