Prioritize VPN's DNS Server













Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?



I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google's DNS setup (those aren't strictly needed).



I've replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN's DNS server. Yesterday it was working fine because the VPN's DNS server was at the top of the list.



# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com


However, when I connected today the DNS entries were reordered.



# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com


The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).



systemd-resolve works just fine and can resolve the hosts using the proper DNS server.



$ systemd-resolve --status --no-pager
Global
DNSSEC NTA: ...

Link 10 (tun0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.1.53
DNS Domain: internal.example.com

Link 2 (eno1)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.0.1
             8.8.8.8
             8.8.4.4
             192.168.1.53
DNS Domain: Home




$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no


ping, nslookup, and ssh all fail though.



$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known




$ nslookup srv1.internal.example.com
Server: 192.168.0.1
Address: 192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN




$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known




A few notes.



I connect to the VPN through Network Manager. I have the VPN's DNS manually specified on the VPN under: IPv4 > DNS Servers.



I tried using a separate wired ethernet connection configured with the VPN's DNS under: IPv4 > Other DNS Servers.



























This question has an open bounty worth +100
reputation from cpburnz ending in 6 days.


This question has not received enough attention.


I'd like this solved ideally using Network Manager, but some system script is acceptable provided it's not crazy. I do not want to remove or replace Network Manager.

















  • Bounty note: if something like dnsmasq running locally on my machine can solve this I'm open to suggestions.

    – cpburnz
    yesterday











  • Do you use Network Manager to start your VPN? Because NM has options to set DNS servers.

    – Robert Riedl
    yesterday











  • @RobertRiedl Yes, I use NM to connect to the VPN, I do have the DNS server manually specified on the VPN under "IPv4" > "DNS Servers".

    – cpburnz
    yesterday











  • And that doesn't work? Sorry, I'm on mobile, I can't be of more help right now...

    – Robert Riedl
    yesterday











  • @RobertRiedl No, it strangely doesn't.

    – cpburnz
    yesterday
















18.04 network-manager systemd systemd-resolved














edited yesterday







cpburnz

















asked Feb 5 at 21:13









cpburnz











1 Answer














As you accept using dnsmasq, how about this:




  1. Point your resolv.conf to 127.0.0.1 (nameserver 127.0.0.1)

  2. Try this config on your dnsmasq:


# dnsmasq syntax: server=/<domain>/<upstream address>
server=/internal.example.com/192.168.1.53
server=8.8.8.8


This would use 192.168.1.53 for domain "internal.example.com" and 8.8.8.8 for everything else.



Take a look at "-S, --local, --server=" option on dnsmasq man page.



Update: You may also want to disable DHCP, so as to avoid conflicts with your local router. Maybe listening only on the lo (127.0.0.1) interface.






        answered yesterday









        JucaPirama
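Added example (not part of the original question or answer): a small Python model of the two behaviours discussed on this page. It applies glibc's three-nameserver limit to the question's two resolv.conf listings, then routes query names through dnsmasq-style `server=/<domain>/<upstream>` rules by longest domain suffix, so internal names go only to the VPN resolver. The function names are illustrative, and the "shadowed" case assumes an earlier server answers NXDOMAIN, as the nslookup output in the question shows.

```python
import ipaddress

MAXNS = 3  # glibc uses at most the first three "nameserver" lines
# The question's two resolv.conf listings (header comments omitted).
RESOLV_WORKING = """\
nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com
"""
RESOLV_BROKEN = """\
nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com
"""
# Constructed dnsmasq rules: one per-domain upstream plus a default upstream.
DNSMASQ_CONF = """\
server=/internal.example.com/192.168.1.53
server=8.8.8.8
"""


def effective_nameservers(resolv_conf):
    """Nameservers a glibc client (ping, ssh) will query, in order."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers[:MAXNS]


def libc_view(resolv_conf, vpn_dns):
    """Classify how a glibc client sees the VPN resolver."""
    used = effective_nameservers(resolv_conf)
    if vpn_dns not in used:
        return "ignored"   # listed after the third entry, never queried
    if used[0] != vpn_dns:
        return "shadowed"  # an earlier server's NXDOMAIN ends the lookup first
    return "first"


def parse_dnsmasq_servers(conf):
    """Return (routes, rejected). routes maps domain suffix -> upstreams,
    with '' as the default. This model requires an IP address upstream."""
    routes, rejected = {}, []
    for line in map(str.strip, conf.splitlines()):
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        domains = [""]
        if value.startswith("/"):
            *domains, value = value[1:].split("/")
        try:
            # Strip an optional #port or @interface before validating.
            ipaddress.ip_address(value.split("#")[0].split("@")[0])
        except ValueError:
            rejected.append(line)  # e.g. domain and address swapped
            continue
        for domain in domains:
            routes.setdefault(domain.lower().strip("."), []).append(value)
    return routes, rejected


def pick_upstream(routes, qname):
    """Pick upstreams for qname by longest suffix match on label boundaries."""
    labels = qname.lower().strip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return routes.get("", [])
```

`libc_view(RESOLV_BROKEN, "192.168.1.53")` returns "ignored", which matches the failing ping and ssh in the question, while `pick_upstream` sends srv1.internal.example.com to 192.168.1.53 and every other name to the default upstream.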
