Prioritize VPN's DNS Server












1















Is there a way to prioritize a particular DNS server only when connecting to a VPN (OpenVPN) through Network Manager or one of its configuration files?



I have a VPN (192.168.1.*) I frequently connect to that has DNS (192.168.1.53) configured to resolve host names of the form *.internal.example.com on its network. My local router (192.168.0.1) has DD-WRT on it with Google's DNS setup (those aren't strictly needed).



I've replaced the systemd /etc/resolv.conf stub with a symlink to /run/systemd/resolve/resolv.conf so that host names will actually resolve using the VPN's DNS server. Yesterday it was working fine because the VPN's DNS server was at the top of the list.



# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.1.53
nameserver 192.168.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
search Home internal.example.com


However, when I connected today the DNS entries were reordered.



# /etc/resolv.conf -> /run/systemd/resolve/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
# ...

nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com


The order frequently changes after a reboot. Sometimes upon reconnection to the VPN I notice the order changes (after experiencing the resolution issue).



systemd-resolve works just fine and can resolve the hosts using the proper DNS server.



$ systemd-resolve --status --no-pager
Global
DNSSEC NTA: ...

Link 10 (tun0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.1.53
DNS Domain: internal.example.com

Link 2 (eno1)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.0.1
8.8.8.8
8.8.4.4
192.168.1.53
DNS Domain: Home




$ systemd-resolve srv1.internal.example.com
srv1.internal.example.com: 192.168.1.113

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no


ping, nslookup, and ssh all fail though.



$ ping srv1.internal.example.com
ping: srv1.internal.example.com: Name or service not known




$ nslookup srv1.internal.example.com
Server: 192.168.0.1
Address: 192.168.0.1#53

** server can't find srv1.internal.example.com: NXDOMAIN




$ ssh srv1.internal.example.com
ssh: Could not resolve hostname srv1.internal.example.com: Name or service not known




A few notes.



I connect to the VPN through Network Manager. I have the VPN's DNS manually specified on the VPN under: IPv4 > DNS Servers.



I tried using a separate wired ethernet connection configured with the VPN's DNS under: IPv4 > Other DNS Servers.



































  • Bounty note: if something like dnsmasq running locally on my machine can solve this I'm open to suggestions.

    – cpburnz
    Feb 28 at 16:33











  • Do you use Network Manager to start your VPN? Because NM has options to set DNS servers.

    – Robert Riedl
    Feb 28 at 17:37











  • @RobertRiedl Yes, I use NM to connect to the VPN, I do have the DNS server manually specified on the VPN under "IPv4" > "DNS Servers".

    – cpburnz
    Feb 28 at 17:54











  • And that doesn't work? Sorry, I'm on mobile, I can't be of more help right now...

    – Robert Riedl
    Feb 28 at 17:59











  • @RobertRiedl No, it strangely doesn't.

    – cpburnz
    Feb 28 at 18:00
















18.04 network-manager systemd systemd-resolved














edited Feb 28 at 17:58
cpburnz

asked Feb 5 at 21:13
cpburnz























2 Answers


















1





+100









As you accept using dnsmasq, how about this:




  1. Point your resolv.conf to 127.0.0.1 (nameserver 127.0.0.1)

  2. Try this config on your dnsmasq:


server=/internal.example.com/192.168.1.53
server=8.8.8.8


This would use 192.168.1.53 for domain "internal.example.com" and 8.8.8.8 for everything else.



Take a look at "-S, --local, --server=" option on dnsmasq man page.



Update: You may also want to disable DHCP, so as to avoid conflicts with your local router. Maybe listen only on the lo (127.0.0.1) interface.
































  • Thank you, this works.

    – cpburnz
    Mar 6 at 15:21











  • You're welcome. And just updated the answer with the correct param order.

    – JucaPirama
    Mar 6 at 15:59





















0














Thanks to JucaPirama's answer for the direction I needed, this is my final setup using dnsmasq in front of systemd-resolved.



Disable the systemd-resolved stub DNS server. In /etc/systemd/resolved.conf change



#DNSStubListener=yes


to



DNSStubListener=no


Restart systemd-resolved.



sudo systemctl restart systemd-resolved


Install dnsmasq.



sudo apt-get install dnsmasq


Set up dnsmasq. In /etc/dnsmasq.conf, use systemd-resolved's resolv.conf file by changing



#resolv-file=/etc/resolv.conf


to



resolv-file=/run/systemd/resolve/resolv.conf


Set the VPN's DNS server for just its domains by adding



server=/internal.example.com/192.168.1.53


Disable DHCP to prevent any potential conflicts by changing



#no-dhcp-interface=


to



no-dhcp-interface=


Restart dnsmasq.



sudo systemctl restart dnsmasq


Unlink /etc/resolv.conf from systemd-resolved's configuration.



sudo unlink /etc/resolv.conf


Edit /etc/resolv.conf to use dnsmasq. This step might not be needed because Network Manager at some point overrode it to point to 127.0.0.53 anyway.



nameserver 127.0.0.53





edited Mar 6 at 15:57

answered Feb 28 at 20:21
JucaPirama













answered Mar 6 at 15:39
cpburnz
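Why the reordered resolv.conf fails while the dnsmasq setups in the answers work, as an added example (not code from either answer): glibc's stub resolver reads only the first three nameserver lines, so the VPN server in fourth place is never asked, whereas dnsmasq chooses the upstream by the longest matching server=/domain/ rule. Function names are illustrative, the inputs are the configurations quoted on this page, and the model assumes every nameserver line in resolv-file becomes a dnsmasq default upstream; search-domain expansion is not modelled.

```python
"""Added example: which DNS server gets asked under each setup on this page."""

MAXNS = 3  # glibc's stub resolver uses at most three "nameserver" lines

# Constructed inputs: the reordered resolv.conf from the question and the
# dnsmasq.conf lines from the second answer.
RESOLV_REORDERED = """\
nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.168.1.53
search Home internal.example.com
"""
DNSMASQ_CONF = """\
resolv-file=/run/systemd/resolve/resolv.conf
server=/internal.example.com/192.168.1.53
no-dhcp-interface=
"""


def nameservers(resolv_text):
    """All nameserver addresses in file order; comment lines never match."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def glibc_view(resolv_text):
    """Split the list into (servers glibc will try, servers it never sees)."""
    servers = nameservers(resolv_text)
    return servers[:MAXNS], servers[MAXNS:]


def dnsmasq_rules(conf_text):
    """Parse server= lines into ({domain: upstream}, [default upstreams])."""
    per_domain, defaults = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            parts = value.split("/")  # ['', domain1, ..., upstream]
            for domain in parts[1:-1]:
                per_domain[domain.lower().strip(".")] = parts[-1]
        else:
            defaults.append(value)
    return per_domain, defaults


def dnsmasq_upstreams(name, conf_text, resolv_file_text=""):
    """Upstreams dnsmasq may use for name: longest domain match, else defaults."""
    per_domain, defaults = dnsmasq_rules(conf_text)
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # i = 0 is the longest suffix
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            upstream = per_domain[suffix]
            # An empty upstream (server=/domain/) means "never forward".
            return [upstream] if upstream else []
    # No domain rule matched: plain server= lines plus the resolv-file entries.
    return defaults + nameservers(resolv_file_text)


def compare(name):
    """Where a lookup for name goes with and without dnsmasq in front."""
    tried, ignored = glibc_view(RESOLV_REORDERED)
    return {
        # glibc asks this server first; an NXDOMAIN reply is a valid answer,
        # so the servers after it are not consulted for that name.
        "glibc_first": tried[0],
        "glibc_ignored": ignored,
        "dnsmasq": dnsmasq_upstreams(name, DNSMASQ_CONF, RESOLV_REORDERED),
    }


if __name__ == "__main__":
    for host in ("srv1.internal.example.com", "www.example.org",
                 "internal.example.com.example.org"):
        print(host, compare(host))
```

In this model 192.168.1.53 also appears among the default upstreams, because it is listed in the resolv-file, so names outside internal.example.com may still be sent to the VPN's server.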





























