NordSecurity / nordvpn-linux

NordVPN Linux client
GNU General Public License v3.0

DNS Entries are resolved in different order than specified in config #671

Open micsport13 opened 4 weeks ago

micsport13 commented 4 weeks ago

I was setting up a local DNS server to route my traffic, but since it's a test, I decided to add a fallback DNS when executing the command nordvpn set dns in the event my local DNS server is down. It appears that the DNS search order is in the alphabetical order of the DNS servers, not the order it's provided in the CLI. So, if I have a DNS server located at 172.168.2.15 and I specify 1.1.1.1 as the backup DNS, all queries go through 1.1.1.1 since it comes first alphabetically, even if I executed nordvpn set dns 172.168.2.15 1.1.1.1.

Reproduction

  1. Running DNS server on 10.0.0.106
  2. Set DNS servers on NordVPN to 10.0.0.106 and 1.1.1.1
  3. NSLookup google.com
  4. Output
    
    nslookup google.com
    Server:         1.1.1.1
    Address:        1.1.1.1#53

    Non-authoritative answer:
    Name: google.com
    Address: 192.178.49.206
    Name: google.com
    Address: 2607:f8b0:402a:80d::200e

Expected Output

    Server:         10.0.0.106
    Address:        10.0.0.106#53

    Non-authoritative answer:
    Name: google.com
    Address: 172.217.0.78
    Name: google.com
    Address: 2607:f8b0:4025:810::200e



So it appears that currently there are 2 options: either ensure your DNS server never goes down and only set 1 DNS server in the nordvpn config, or add a DNS server that has a higher IP address than the local DNS so that NordVPN chooses the local DNS before falling back to the secondary DNS (or tertiary, for that matter).

mariusSincovici commented 4 weeks ago

Hi, thanks for your feedback.

I've managed to reproduce the issue and register a bug on our side.

If there are 2 DNS servers in resolv.conf and the first is down, then the resolver will jump automatically to the second after retrying the first server several times. But this will slow down the system.

Until then, there is a workaround for /etc/resolv.conf. When the file is immutable, the NordVPN application will not change it. But this would mean that you'll have to manage the file content manually. To make the file immutable: sudo chattr +i /etc/resolv.conf

Thanks
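
Added example (not part of the thread and not NordVPN code): a shell check that compares the nameserver order in a resolv.conf-style file against the order you intended, so a swapped primary resolver like the one reported above is caught without reading nslookup output by hand. The function names and the constructed sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Usage: check_dns_order /etc/resolv.conf 10.0.0.106 1.1.1.1

# Print nameserver addresses from a resolv.conf-style file, in file order.
# Comment lines (# or ;) and other directives are skipped.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# check_dns_order FILE EXPECTED...
# Returns 0 if FILE lists exactly EXPECTED in that order,
#         1 if the same servers are present but in a different order,
#         2 if the set of servers differs.
check_dns_order() {
    file=$1; shift
    expected=$(printf '%s\n' "$@")
    actual=$(resolv_nameservers "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: resolver order matches: $*"
        return 0
    fi
    # Compare as sets by sorting both lists the same way.
    if [ "$(printf '%s\n' "$actual" | LC_ALL=C sort)" = \
         "$(printf '%s\n' "$expected" | LC_ALL=C sort)" ]; then
        first=$(printf '%s\n' "$actual" | head -n 1)
        echo "REORDERED: first resolver is $first, expected $1"
        return 1
    fi
    echo "MISMATCH: file has [$(echo $actual)], expected [$*]"
    return 2
}

# Constructed sample mirroring the report: the fallback resolver is
# written ahead of the local one.
demo_reordered() {
    tmp=$(mktemp)
    printf '# constructed sample\nnameserver 1.1.1.1\nnameserver 10.0.0.106\n' > "$tmp"
    rc=0
    check_dns_order "$tmp" 10.0.0.106 1.1.1.1 || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

A return code of 1 after changing the DNS setting means lookups go to the fallback resolver first, which is the behaviour described in this issue.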