Closed Gullumluvl closed 5 years ago
I just found other people having the same issue: https://github.com/systemd/systemd/issues/6076, so it is indeed a systemd-resolved problem, sorry I was confused.
@Gullumluvl,
Have you tried setting DOMAIN-ROUTE to . (single period)? This should have the effect of routing all DNS through the selected connection (save for any more specific DNS namespaces which may apply to other links). I use it on my own laptop and it appears to work as expected; I don't see DNS requests made to my home DNS server when DOMAIN-ROUTE has been set.
Oh yes, I was just trying that! It seems to work :D Thanks a lot for your quick answer!
What happens when the computer goes out of sleep though? I had to restart the openvpn service and then it was leaking...
@Gullumluvl,
I wonder if systemd-resolved is flushing its cache somehow, most likely because your physical network interfaces are taken down. If the period of suspension is short enough that OpenVPN can resume the connection without having to re-authenticate, then that will probably result in a fresh cache without this script being triggered by OpenVPN.
What is the output of --status on restart? Additionally, maybe you could set the OpenVPN service to close with the sleep target, or to be restarted on resume somehow? That may help, but there may be a small period of leakage still.
You just need to add UseDNS=false in the [DHCP] section of your .network file.
@Gullumluvl,
Having re-read your original message, the issue may be that you're trying to use resolv.conf - by default, systemd-resolved will put all your DNS servers into that file. The ability to route to specific domains and the level of control you have is a feature specifically of systemd rather than the standard DNS configurations.
To replicate the effects of old configurations that involved temporarily replacing the /etc/resolv.conf file, you need to add resolve to your nsswitch.conf file under dns, and then ensure that DOMAIN-ROUTE . is passed via the dhcp-option configuration to the client (either locally or remotely).
Symlinking your /etc/resolv.conf to /run/systemd/resolv/stub-resolv.conf will help towards this too, as it'll force all DNS requests, regardless if you have resolve set, through systemd-resolved. You don't need to worry about what is/isn't in resolv.conf then either.
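An added example, not part of the thread and not the project's own code: a Python check of the three settings the comment above names (resolve on the hosts line of nsswitch.conf, a local dhcp-option DOMAIN-ROUTE . in the OpenVPN client config, and a resolv.conf that only points at the systemd-resolved stub). The function names and file contents are constructed for illustration, and 127.0.0.53 is assumed as the stub address, which is systemd-resolved's default.

```python
import re

STUB = "127.0.0.53"  # assumed: systemd-resolved's default stub listener

def _lines(text):
    """Yield config lines with '#' / ';' comments and blank lines removed."""
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if line:
            yield line

def hosts_uses_resolve(nsswitch_text):
    """True if the hosts: line lists 'resolve' (ahead of 'dns' when both appear)."""
    for line in _lines(nsswitch_text):
        if line.startswith("hosts:"):
            # Drop action items such as [!UNAVAIL=return]; keep source names only.
            src = [t for t in line[len("hosts:"):].split() if not t.startswith("[")]
            return "resolve" in src and (
                "dns" not in src or src.index("resolve") < src.index("dns"))
    return False

def client_sets_domain_route(ovpn_text):
    """True if the client config itself carries 'dhcp-option DOMAIN-ROUTE .'."""
    # The option can also be pushed by the server, so False is not conclusive.
    return any(l.split() == ["dhcp-option", "DOMAIN-ROUTE", "."] for l in _lines(ovpn_text))

def non_stub_nameservers(resolv_text):
    """Nameservers in resolv.conf that are not the systemd-resolved stub."""
    found = []
    for line in _lines(resolv_text):
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) > 1 and parts[1] != STUB:
            found.append(parts[1])
    return found

def audit(nsswitch_text, ovpn_text, resolv_text):
    """Return a list of human-readable findings; an empty list means no findings."""
    findings = []
    if not hosts_uses_resolve(nsswitch_text):
        findings.append("nsswitch.conf: 'resolve' not listed before 'dns' on hosts line")
    if not client_sets_domain_route(ovpn_text):
        findings.append("openvpn: no local 'dhcp-option DOMAIN-ROUTE .' (may be pushed)")
    findings += [f"resolv.conf: nameserver {ns} bypasses systemd-resolved"
                 for ns in non_stub_nameservers(resolv_text)]
    return findings

if __name__ == "__main__":
    # Constructed sample contents, modelled on the situation described in the thread.
    nss = "hosts: files dns\n"
    ovpn = "client\ndev tun\n"
    resolv = "nameserver 192.168.1.254\n"
    print("\n".join(audit(nss, ovpn, resolv)) or "no findings")
```

To run it against a live system, read /etc/nsswitch.conf, the client .ovpn or .conf file, and /etc/resolv.conf and pass their contents to audit().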
The output of systemd-resolve --status shows that the first DNS server on the interface eno1 (ethernet?) is 192.168.1.254, which is basically my ISP box.
I symlinked /etc/resolv.conf to /etc/systemd/resolve/resolv.conf, and tried editing the latter file to remove the unwanted DNS, but my changes weren't saved. How to configure the chosen DNS servers?
It's really a problem because when using openvpn, even with the up/down scripts properly configured, I will have DNS leaks...
How to remove this DNS server? Thanks a lot for your help.