jonathanio / update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus.

Pushed DNS servers are added at the end of the list and not used as a result #58

Closed ezaquarii closed 5 years ago

ezaquarii commented 5 years ago

The script is run, but when I investigated resolv.conf I found this:

```
nameserver 8.8.8.8 <- manually added to systemd config
nameserver 8.8.4.4 <- manually added to systemd config
nameserver a.b.c.d <- pushed by ISP
# Too many DNS servers configured, the following entries may be ignored.
nameserver e.f.g.h  <- pushed by ISP
nameserver 1.1.1.1 <- pushed by OpenVPN
nameserver 1.0.0.1 <- pushed by OpenVPN
```

This has 2 issues:

  1. DNSes provided by VPN are not used
  2. DNS leak occurs

IMO the script should replace DNS servers somehow, or at least provide an option to do this.

piotr-dobrogost commented 5 years ago

resolv.conf is a very old concept and very limited in what it can represent, and new concepts introduced by systemd-resolved, such as routing DNS queries through specific interfaces, can't be represented in resolv.conf. If you use systemd-resolved for resolving then you should be looking at `resolvectl status` (`systemd-resolve --status` when using systemd <239) and not resolv.conf.

ezaquarii commented 5 years ago

Yeah... there are some bug reports about systemd switching DNSes in an unpredictable way...

piotr-dobrogost commented 5 years ago

So apart from resolv.conf not looking like what you would expect – can you describe what behavior you expect and what's the actual behavior? Please provide as much information as you can (output from `resolvectl status` would be very helpful).

ezaquarii commented 5 years ago

It looks like the systemd DNS routing behaves correctly.
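
As an added example (not part of the thread and not the project's own code): a shell check of which `nameserver` lines in a resolv.conf-format file would be used by a glibc-based application that reads the file directly, given glibc's limit of three entries. The function names and the sample file are assumptions, with documentation-range addresses standing in for the ISP-pushed servers. A `127.0.0.53` entry is reported as the systemd-resolved stub, behind which per-link routing is only visible through `resolvectl status`, as noted above.

```shell
#!/usr/bin/env bash
# Added example: classify the nameserver lines of a resolv.conf-format file.
# Assumption: the reader is glibc's stub resolver, which honours only the
# first MAXNS (3) nameserver entries.
MAXNS=3

# classify_nameservers FILE
# Prints one line per nameserver entry:
#   "used <addr>"    within the first MAXNS entries
#   "ignored <addr>" past the limit
#   "stub <addr>"    127.0.0.53, the systemd-resolved stub listener; the real
#                    upstream servers and link routing are not in this file
classify_nameservers() {
    local file=$1 n=0 keyword addr _rest
    while read -r keyword addr _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue   # skip comments, options, search
        [ -n "$addr" ] || continue
        n=$((n + 1))
        if [ "$addr" = "127.0.0.53" ]; then
            echo "stub $addr"
        elif [ "$n" -le "$MAXNS" ]; then
            echo "used $addr"
        else
            echo "ignored $addr"
        fi
    done < "$file"
}

# count_state STATE FILE -> number of nameserver entries in that state
count_state() {
    classify_nameservers "$2" | grep -c "^$1 " || true
}

# Constructed sample mirroring the listing in the issue.
sample=$(mktemp)
cat > "$sample" <<'EOF'
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 192.0.2.1
# Too many DNS servers configured, the following entries may be ignored.
nameserver 192.0.2.2
nameserver 1.1.1.1
nameserver 1.0.0.1
EOF

classify_nameservers "$sample"
```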