jonathanio / update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus.

How to remove the router's local IP address from the DNS Servers #46

Closed Gullumluvl closed 5 years ago

Gullumluvl commented 6 years ago

The output of systemd-resolve --status shows that the first DNS server on the interface eno1 (ethernet?) is 192.168.1.254, which is basically my ISP box.

I symlinked /etc/resolv.conf to /etc/systemd/resolve/resolv.conf, and tried editing the latter file to remove the unwanted DNS, but my changes weren't saved. How do I configure the chosen DNS servers?

It's really a problem because when using openvpn, even with the up/down scripts properly configured, I will have DNS leaks...

How do I remove this DNS server? Thanks a lot for your help.

Gullumluvl commented 6 years ago

I just found other people having the same issue: https://github.com/systemd/systemd/issues/6076, so it is indeed a systemd-resolved problem, sorry I was confused.

jonathanio commented 6 years ago

@Gullumluvl,

Have you tried setting DOMAIN-ROUTE to . (single period)? This should have the effect of routing all DNS through the selected connection (save for any more specific DNS namespaces which may apply to other links). I use it on my own laptop and it appears to work as expected; I don't see DNS requests made to my home DNS server when DOMAIN-ROUTE has been set.

Gullumluvl commented 6 years ago

Oh yes, I was just trying that! It seems to work :D Thanks a lot for your quick answer!

Gullumluvl commented 6 years ago

What happens when the computer goes out of sleep though? I had to restart the openvpn service and then it was leaking...

jonathanio commented 6 years ago

@Gullumluvl,

I wonder if systemd-resolved is flushing its cache somehow, most likely because your physical network interfaces are taken down. If the period of suspension is short enough that OpenVPN can resume the connection without having to re-authenticate, then that will probably result in a fresh cache without this script being triggered by OpenVPN.

What is the output of --status on restart? Additionally, maybe you could set the OpenVPN service to close with the sleep target, or to be restarted on resume somehow? That may help, but there may be a small period of leakage still.

Edu4rdSHL commented 5 years ago

You just need to add UseDNS=false in the [DHCP] section of your .network file.

jonathanio commented 5 years ago

@Gullumluvl,

Having re-read your original message, the issue may be that you're trying to use resolv.conf - by default, systemd-resolved will put all your DNS servers into that file. The ability to route to specific domains and the level of control you have is a feature specifically of systemd rather than the standard DNS configurations.

To replicate the effects of old configurations that involved temporarily replacing the /etc/resolv.conf file, you need to add resolve to your nsswitch.conf file under dns, and then ensure that DOMAIN-ROUTE . is passed via the dhcp-option configuration to the client (either locally or remotely).

Symlinking your /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf will help towards this too, as it'll force all DNS requests, regardless of whether you have resolve set, through systemd-resolved. You don't need to worry about what is/isn't in resolv.conf then either.
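Added example (not code from this thread or from the update-systemd-resolved project): a small preflight script that checks the conditions raised in the thread, namely that one link carries the catch-all routing domain (DOMAIN-ROUTE . shows up in resolved's status as the routing-only domain "~."), which servers a link such as eno1 still holds, that resolve is on the hosts: line of nsswitch.conf, that /etc/resolv.conf is the stub-resolv.conf symlink, and Edu4rdSHL's UseDNS=false in the [DHCP] section of a systemd-networkd .network file. All sample status output and config text is constructed, the status layout follows the older systemd-resolve --status format and may need adjusting for newer resolvectl versions, and the function names are mine.

```shell
#!/bin/sh
# Preflight checks for the setup discussed in the thread. Each check takes its
# input as text or a path so it can run against constructed samples; live_report
# feeds it the real files. Not part of update-systemd-resolved.

# Constructed sample in the layout of `systemd-resolve --status` (not captured
# from a real host): eno1 still lists the ISP router, tun0 owns "~.".
SAMPLE_STATUS='Global
       LLMNR setting: yes
MulticastDNS setting: yes
      DNSSEC setting: allow-downgrade
Link 3 (tun0)
      Current Scopes: DNS
       LLMNR setting: yes
         DNS Servers: 10.8.0.1
          DNS Domain: ~.
Link 2 (eno1)
      Current Scopes: DNS
       LLMNR setting: yes
         DNS Servers: 192.168.1.254
                      192.168.1.1'

# Print every link whose DNS Domain list contains "~."; exit 0 if any does.
links_routing_all_dns() {   # $1 = status text
  printf '%s\n' "$1" | awk '
    /^Link [0-9]+ \(/     { link = $3; gsub(/[()]/, "", link); indom = 0 }
    /^Global/             { link = "Global"; indom = 0 }
    /DNS Domain:/         { indom = 1 }
    /:/ && !/DNS Domain:/ { indom = 0 }   # any other "Key:" line ends the list
    indom { for (i = 1; i <= NF; i++) if ($i == "~.") { print link; found = 1 } }
    END { exit found ? 0 : 1 }'
}

# Print the DNS servers attached to one link, continuation lines included.
dns_servers_for_link() {   # $1 = status text, $2 = link name
  printf '%s\n' "$1" | awk -v want="$2" '
    /^Link [0-9]+ \(/ { link = $3; gsub(/[()]/, "", link); inlist = 0 }
    /^Global/         { link = "Global"; inlist = 0 }
    link == want && /DNS Servers:/ {
      inlist = 1; sub(/.*DNS Servers:[ \t]*/, ""); if ($0 != "") print; next
    }
    link == want && inlist && /^[ \t]+[0-9A-Fa-f.:%]+[ \t]*$/ {
      sub(/^[ \t]+/, ""); print; next
    }
    link == want && inlist { inlist = 0 }'
}

# The failure mode from the thread: unless the VPN link owns "~.", queries with
# no more specific routing domain can go out over another link with servers.
dns_routing_verdict() {   # $1 = status text, $2 = VPN link name
  if links_routing_all_dns "$1" | grep -qx "$2"; then
    echo "ok: $2 routes all DNS"
  else
    echo "leak: $2 has no catch-all routing domain"
    return 1
  fi
}

# Is the "resolve" NSS module on the hosts: line of nsswitch.conf?
nsswitch_uses_resolve() {   # $1 = nsswitch.conf text
  printf '%s\n' "$1" | awk '
    /^[ \t]*hosts:/ {
      sub(/^[ \t]*hosts:/, "")
      for (i = 1; i <= NF; i++) if ($i == "resolve") found = 1
    }
    END { exit found ? 0 : 1 }'
}

# Is resolv.conf a symlink to the resolved stub file? Accepts the relative
# "../run/..." target that Debian and Ubuntu use.
resolv_conf_points_to_stub() {   # $1 = path, default /etc/resolv.conf
  target=$(readlink "${1:-/etc/resolv.conf}") || return 1
  case "$target" in
    */run/systemd/resolve/stub-resolv.conf) return 0 ;;
    *) return 1 ;;
  esac
}

# UseDNS=false under [DHCP] (newer systemd-networkd spells the section
# [DHCPv4]; both are accepted here) keeps DHCP-supplied servers off the link.
dhcp_usedns_disabled() {   # $1 = .network file text
  printf '%s\n' "$1" | awk '
    /^[ \t]*\[/ { sect = $0; gsub(/[^A-Za-z0-9]/, "", sect) }
    (sect == "DHCP" || sect == "DHCPv4") && /^[ \t]*UseDNS[ \t]*=/ {
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]*$/, "", val)
      disabled = (tolower(val) == "false" || tolower(val) == "no")
    }
    END { exit disabled ? 0 : 1 }'
}

# Live run against this host (not exercised by the constructed samples).
live_report() {   # $1 = VPN link name, default tun0
  status=$(resolvectl status 2>/dev/null || systemd-resolve --status 2>/dev/null) || status=""
  dns_routing_verdict "$status" "${1:-tun0}" || true
  nsswitch_uses_resolve "$(cat /etc/nsswitch.conf)" \
    && echo "ok: resolve is on the hosts: line" || echo "missing: resolve on the hosts: line"
  resolv_conf_points_to_stub \
    && echo "ok: /etc/resolv.conf -> stub-resolv.conf" || echo "warn: /etc/resolv.conf is not the stub symlink"
}
```

Source the file and call `live_report tun0` after the VPN is up; the constructed SAMPLE_STATUS reproduces the reporter's situation, with the router on eno1 and the catch-all route on tun0, so `dns_routing_verdict "$SAMPLE_STATUS" tun0` reports ok while the same call for eno1 reports a leak.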