Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?
I have a VPN (
192.168.1.*) I frequently connect to that has DNS (
192.168.1.53) configured to resolve host names of the form
*.internal.example.com on its network. My local router (
192.168.0.1) has DD-WRT on it with Google’s DNS setup (those aren’t strictly needed).
I’ve replaced the systemd
/etc/resolv.conf stub with a symlink to
/run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN’s DNS server. Yesterday it was working fine because the VPN’s DNS server was at the top of the list.
# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf # This file is managed by man:systemd-resolved(8). Do not edit. # ... nameserver 192.168.1.53 nameserver 192.168.0.1 nameserver 22.214.171.124 # Too many DNS servers configured, the following entries may be ignored. nameserver 126.96.36.199 search Home internal.example.com
However, when I connected today the DNS entries were reordered.
# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf # This file is managed by man:systemd-resolved(8). Do not edit. # ... nameserver 192.168.0.1 nameserver 188.8.131.52 nameserver 184.108.40.206 # Too many DNS servers configured, the following entries may be ignored. nameserver 192.168.1.53 search Home internal.example.com
The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).
systemd-resolve works just fine and can resolve the hosts using the proper DNS server.
$ systemd-resolve --status --no-pager Global DNSSEC NTA: ... Link 10 (tun0) Current Scopes: DNS LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no DNS Servers: 192.168.1.53 DNS Domain: internal.example.com Link 2 (eno1) Current Scopes: DNS LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no DNS Servers: 192.168.0.1 220.127.116.11 18.104.22.168 192.168.1.53 DNS Domain: Home
$ systemd-resolve srv1.internal.example.com srv1.internal.example.com: 192.168.1.113 -- Information acquired via protocol DNS in 2.1ms. -- Data is authenticated: no
ssh all fail though.
$ ping srv1.internal.example.com ping: srv1.internal.example.com: Name or service not known
$ nslookup srv1.internal.example.com Server: 192.168.0.1 Address: 192.168.0.1#53 ** server can't find srv1.internal.example.com: NXDOMAIN
$ ssh srv1.internal.example.com ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known
A few notes.
I connect to the VPN through Network Manager. I have the VPN’s DNS manually specified on the VPN under: IPv4 > DNS Servers.
I tried using a separate wired ethernet connection configured with the VPN’s DNS under: IPv4 > Other DNS Servers.