Why is my ISP DNS still in resolv.conf after a VPN connection and how can this be fixed?
Clash Royale CLAN TAG#URR8PPP
Ubuntu 15.10 and dns=dnsmasq is commented out in /etc/NetworkManager/NetworkManager.conf
Before I connect to a VPN /etc/resolv.conf contains
nameserver 2xx.xx.xx.xx <-- ISP DNS 1
nameserver 2xx.xx.xx.xx <-- ISP DNS 2
after a VPN connection /etc/resolv.conf contains
nameserver 1xx.xx.xx.xx <-- VPN DNS 1
nameserver 1xx.xx.xx.xx <-- VPN DNS 2
nameserver 2xx.xx.xx.xx <-- ISP DNS 1
The regular wired connection and the VPN have DNS servers set in network manager with automatic (only addresses). The ISP server shouldn't be there at all. What else can I change? (removing dns=dnsmasq was one change to stop split DNS).
ubuntu dns resolv.conf
add a comment |
Ubuntu 15.10 and dns=dnsmasq is commented out in /etc/NetworkManager/NetworkManager.conf
Before I connect to a VPN /etc/resolv.conf contains
nameserver 2xx.xx.xx.xx <-- ISP DNS 1
nameserver 2xx.xx.xx.xx <-- ISP DNS 2
after a VPN connection /etc/resolv.conf contains
nameserver 1xx.xx.xx.xx <-- VPN DNS 1
nameserver 1xx.xx.xx.xx <-- VPN DNS 2
nameserver 2xx.xx.xx.xx <-- ISP DNS 1
The regular wired connection and the VPN have DNS servers set in network manager with automatic (only addresses). The ISP server shouldn't be there at all. What else can I change? (removing dns=dnsmasq was one change to stop split DNS).
ubuntu dns resolv.conf
add a comment |
Ubuntu 15.10 and dns=dnsmasq is commented out in /etc/NetworkManager/NetworkManager.conf
Before I connect to a VPN /etc/resolv.conf contains
nameserver 2xx.xx.xx.xx <-- ISP DNS 1
nameserver 2xx.xx.xx.xx <-- ISP DNS 2
after a VPN connection /etc/resolv.conf contains
nameserver 1xx.xx.xx.xx <-- VPN DNS 1
nameserver 1xx.xx.xx.xx <-- VPN DNS 2
nameserver 2xx.xx.xx.xx <-- ISP DNS 1
The regular wired connection and the VPN have DNS servers set in network manager with automatic (only addresses). The ISP server shouldn't be there at all. What else can I change? (removing dns=dnsmasq was one change to stop split DNS).
ubuntu dns resolv.conf
Ubuntu 15.10 and dns=dnsmasq is commented out in /etc/NetworkManager/NetworkManager.conf
Before I connect to a VPN /etc/resolv.conf contains
nameserver 2xx.xx.xx.xx <-- ISP DNS 1
nameserver 2xx.xx.xx.xx <-- ISP DNS 2
after a VPN connection /etc/resolv.conf contains
nameserver 1xx.xx.xx.xx <-- VPN DNS 1
nameserver 1xx.xx.xx.xx <-- VPN DNS 2
nameserver 2xx.xx.xx.xx <-- ISP DNS 1
The regular wired connection and the VPN have DNS servers set in network manager with automatic (only addresses). The ISP server shouldn't be there at all. What else can I change? (removing dns=dnsmasq was one change to stop split DNS).
ubuntu dns resolv.conf
ubuntu dns resolv.conf
edited Feb 21 '16 at 22:24
user157600
asked Feb 21 '16 at 21:09
user157600user157600
163
163
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
NetworkManager can either:
update
resolv.conf
itself;delegate to
resolvconf
(for theNetworkManager
interface);or use
netconfig
.
The different configurations coming from each interface are simply aggregated (see update_dns()
).
If you do not use NetworkManager for the VPN, you might use openresolv
exclusive mode (-x
) in order to override the nameservers from NetworkManager
with the ones from the VPN instead of adding them. This can be done with this (ugly) script (OpenVPN hook):
#!/bin/sh
# Dump all foreign options (coming from environment variables foreign_option_N) to stdout
foreign_options()
local i
i=1
while true; do
local varname=foreign_option_$i
local value="$(eval echo $$varname)"
if [ -z "$value" ]; then
return
fi
echo $value
i=$((i+1))
done
#Create a resolv.conf file from OpenVPN environment variables
create_resolvconf() sed "s/^dhcp-option DNS /nameserver /"
route_up()
create_resolvconf
down()
resolvconf -d $dev
case "$script_type" in
route-up) route_up "$@" ;;
down) down "$@" ;;
esac
You should be able to adapt this to be used as a NetworkManager dispatcher script (see man 8 NetworkManager) using:
VPN_IP4_NAMESERVERS
VPN_IP6_NAMESERVERS
I didn't test it but something like this should do the trick:
#!/bin/sh
create_resolvconf()
for ip in $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS; do
echo "nameserver $ip"
done
up() resolvconf -x -a $VPN_IP_IFAC
down()
resolvconf -d $VPN_IP_IFAC
if [ -z "$VPN_IP_IFACE" ]; then
return 0
fi
case "$2" in
up) up ;;
down) down ;;
esac
Thanks for the detailed reply. The dispatcher script causes an error in syslog: "resolvconf: Error: Command not recognized", "Usage: resolvconf (-d IFACE|-a IFACE|-u|--enable-updates|--disable-updates|--updates-are-enabled)". I think it might not be recognizing the -x, as that option does not appear in man resolvconf.
– user157600
Feb 22 '16 at 1:02
@user157600, The -x options needsopenresolv
instead ofresolvconf
.
– ysdx
Feb 22 '16 at 1:26
Fixed openresolv. Now I have 2 VPN and 2 ISP DNS servers in resolv.conf. Previously is was 2 VPN and 1 DNS. I do appreciate the attempt to help, but this is way out of my level of understanding of these things. I hope there can be a simpler solution somewhere.
– user157600
Feb 22 '16 at 2:31
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f264830%2fwhy-is-my-isp-dns-still-in-resolv-conf-after-a-vpn-connection-and-how-can-this-b%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
NetworkManager can either:
update
resolv.conf
itself;delegate to
resolvconf
(for theNetworkManager
interface);or use
netconfig
.
The different configurations coming from each interface are simply aggregated (see update_dns()
).
If you do not use NetworkManager for the VPN, you might use openresolv
exclusive mode (-x
) in order to override the nameservers from NetworkManager
with the ones from the VPN instead of adding them. This can be done with this (ugly) script (OpenVPN hook):
#!/bin/sh
# Dump all foreign options (coming from environment variables foreign_option_N) to stdout
foreign_options()
local i
i=1
while true; do
local varname=foreign_option_$i
local value="$(eval echo $$varname)"
if [ -z "$value" ]; then
return
fi
echo $value
i=$((i+1))
done
#Create a resolv.conf file from OpenVPN environment variables
create_resolvconf() sed "s/^dhcp-option DNS /nameserver /"
route_up()
create_resolvconf
down()
resolvconf -d $dev
case "$script_type" in
route-up) route_up "$@" ;;
down) down "$@" ;;
esac
You should be able to adapt this to be used as a NetworkManager dispatcher script (see man 8 NetworkManager) using:
VPN_IP4_NAMESERVERS
VPN_IP6_NAMESERVERS
I didn't test it but something like this should do the trick:
#!/bin/sh
create_resolvconf()
for ip in $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS; do
echo "nameserver $ip"
done
up() resolvconf -x -a $VPN_IP_IFAC
down()
resolvconf -d $VPN_IP_IFAC
if [ -z "$VPN_IP_IFACE" ]; then
return 0
fi
case "$2" in
up) up ;;
down) down ;;
esac
Thanks for the detailed reply. The dispatcher script causes an error in syslog: "resolvconf: Error: Command not recognized", "Usage: resolvconf (-d IFACE|-a IFACE|-u|--enable-updates|--disable-updates|--updates-are-enabled)". I think it might not be recognizing the -x, as that option does not appear in man resolvconf.
– user157600
Feb 22 '16 at 1:02
@user157600, The -x options needsopenresolv
instead ofresolvconf
.
– ysdx
Feb 22 '16 at 1:26
Fixed openresolv. Now I have 2 VPN and 2 ISP DNS servers in resolv.conf. Previously is was 2 VPN and 1 DNS. I do appreciate the attempt to help, but this is way out of my level of understanding of these things. I hope there can be a simpler solution somewhere.
– user157600
Feb 22 '16 at 2:31
add a comment |
NetworkManager can either:
update
resolv.conf
itself;delegate to
resolvconf
(for theNetworkManager
interface);or use
netconfig
.
The different configurations coming from each interface are simply aggregated (see update_dns()
).
If you do not use NetworkManager for the VPN, you might use openresolv
exclusive mode (-x
) in order to override the nameservers from NetworkManager
with the ones from the VPN instead of adding them. This can be done with this (ugly) script (OpenVPN hook):
#!/bin/sh
# Dump all foreign options (coming from environment variables foreign_option_N) to stdout
foreign_options()
local i
i=1
while true; do
local varname=foreign_option_$i
local value="$(eval echo $$varname)"
if [ -z "$value" ]; then
return
fi
echo $value
i=$((i+1))
done
#Create a resolv.conf file from OpenVPN environment variables
create_resolvconf() sed "s/^dhcp-option DNS /nameserver /"
route_up()
create_resolvconf
down()
resolvconf -d $dev
case "$script_type" in
route-up) route_up "$@" ;;
down) down "$@" ;;
esac
You should be able to adapt this to be used as a NetworkManager dispatcher script (see man 8 NetworkManager) using:
VPN_IP4_NAMESERVERS
VPN_IP6_NAMESERVERS
I didn't test it but something like this should do the trick:
#!/bin/sh
create_resolvconf()
for ip in $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS; do
echo "nameserver $ip"
done
up() resolvconf -x -a $VPN_IP_IFAC
down()
resolvconf -d $VPN_IP_IFAC
if [ -z "$VPN_IP_IFACE" ]; then
return 0
fi
case "$2" in
up) up ;;
down) down ;;
esac
Thanks for the detailed reply. The dispatcher script causes an error in syslog: "resolvconf: Error: Command not recognized", "Usage: resolvconf (-d IFACE|-a IFACE|-u|--enable-updates|--disable-updates|--updates-are-enabled)". I think it might not be recognizing the -x, as that option does not appear in man resolvconf.
– user157600
Feb 22 '16 at 1:02
@user157600, The -x options needsopenresolv
instead ofresolvconf
.
– ysdx
Feb 22 '16 at 1:26
Fixed openresolv. Now I have 2 VPN and 2 ISP DNS servers in resolv.conf. Previously is was 2 VPN and 1 DNS. I do appreciate the attempt to help, but this is way out of my level of understanding of these things. I hope there can be a simpler solution somewhere.
– user157600
Feb 22 '16 at 2:31
add a comment |
NetworkManager can either:
update
resolv.conf
itself;delegate to
resolvconf
(for theNetworkManager
interface);or use
netconfig
.
The different configurations coming from each interface are simply aggregated (see update_dns()
).
If you do not use NetworkManager for the VPN, you might use openresolv
exclusive mode (-x
) in order to override the nameservers from NetworkManager
with the ones from the VPN instead of adding them. This can be done with this (ugly) script (OpenVPN hook):
#!/bin/sh
# Dump all foreign options (coming from environment variables foreign_option_N) to stdout
foreign_options()
local i
i=1
while true; do
local varname=foreign_option_$i
local value="$(eval echo $$varname)"
if [ -z "$value" ]; then
return
fi
echo $value
i=$((i+1))
done
#Create a resolv.conf file from OpenVPN environment variables
create_resolvconf() sed "s/^dhcp-option DNS /nameserver /"
route_up()
create_resolvconf
down()
resolvconf -d $dev
case "$script_type" in
route-up) route_up "$@" ;;
down) down "$@" ;;
esac
You should be able to adapt this to be used as a NetworkManager dispatcher script (see man 8 NetworkManager) using:
VPN_IP4_NAMESERVERS
VPN_IP6_NAMESERVERS
I didn't test it but something like this should do the trick:
#!/bin/sh
create_resolvconf()
for ip in $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS; do
echo "nameserver $ip"
done
up() resolvconf -x -a $VPN_IP_IFAC
down()
resolvconf -d $VPN_IP_IFAC
if [ -z "$VPN_IP_IFACE" ]; then
return 0
fi
case "$2" in
up) up ;;
down) down ;;
esac
NetworkManager can either:
update
resolv.conf
itself;delegate to
resolvconf
(for theNetworkManager
interface);or use
netconfig
.
The different configurations coming from each interface are simply aggregated (see update_dns()
).
If you do not use NetworkManager for the VPN, you might use openresolv
exclusive mode (-x
) in order to override the nameservers from NetworkManager
with the ones from the VPN instead of adding them. This can be done with this (ugly) script (OpenVPN hook):
#!/bin/sh
# Dump all foreign options (coming from environment variables foreign_option_N) to stdout
foreign_options()
local i
i=1
while true; do
local varname=foreign_option_$i
local value="$(eval echo $$varname)"
if [ -z "$value" ]; then
return
fi
echo $value
i=$((i+1))
done
#Create a resolv.conf file from OpenVPN environment variables
create_resolvconf() sed "s/^dhcp-option DNS /nameserver /"
route_up()
create_resolvconf
down()
resolvconf -d $dev
case "$script_type" in
route-up) route_up "$@" ;;
down) down "$@" ;;
esac
You should be able to adapt this to be used as a NetworkManager dispatcher script (see man 8 NetworkManager) using:
VPN_IP4_NAMESERVERS
VPN_IP6_NAMESERVERS
I didn't test it but something like this should do the trick:
#!/bin/sh
create_resolvconf()
for ip in $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS; do
echo "nameserver $ip"
done
up() resolvconf -x -a $VPN_IP_IFAC
down()
resolvconf -d $VPN_IP_IFAC
if [ -z "$VPN_IP_IFACE" ]; then
return 0
fi
case "$2" in
up) up ;;
down) down ;;
esac
edited Jan 10 at 12:33
Vlastimil
7,9021263134
7,9021263134
answered Feb 22 '16 at 0:00
ysdxysdx
1,202912
1,202912
Thanks for the detailed reply. The dispatcher script causes an error in syslog: "resolvconf: Error: Command not recognized", "Usage: resolvconf (-d IFACE|-a IFACE|-u|--enable-updates|--disable-updates|--updates-are-enabled)". I think it might not be recognizing the -x, as that option does not appear in man resolvconf.
– user157600
Feb 22 '16 at 1:02
@user157600, The -x options needsopenresolv
instead ofresolvconf
.
– ysdx
Feb 22 '16 at 1:26
Fixed openresolv. Now I have 2 VPN and 2 ISP DNS servers in resolv.conf. Previously is was 2 VPN and 1 DNS. I do appreciate the attempt to help, but this is way out of my level of understanding of these things. I hope there can be a simpler solution somewhere.
– user157600
Feb 22 '16 at 2:31
add a comment |
Thanks for the detailed reply. The dispatcher script causes an error in syslog: "resolvconf: Error: Command not recognized", "Usage: resolvconf (-d IFACE|-a IFACE|-u|--enable-updates|--disable-updates|--updates-are-enabled)". I think it might not be recognizing the -x, as that option does not appear in man resolvconf.
– user157600
Feb 22 '16 at 1:02
@user157600, The -x options needsopenresolv
instead ofresolvconf
.
– ysdx
Feb 22 '16 at 1:26
Fixed openresolv. Now I have 2 VPN and 2 ISP DNS servers in resolv.conf. Previously is was 2 VPN and 1 DNS. I do appreciate the attempt to help, but this is way out of my level of understanding of these things. I hope there can be a simpler solution somewhere.
– user157600
Feb 22 '16 at 2:31
Thanks for the detailed reply. The dispatcher script causes an error in syslog: "resolvconf: Error: Command not recognized", "Usage: resolvconf (-d IFACE|-a IFACE|-u|--enable-updates|--disable-updates|--updates-are-enabled)". I think it might not be recognizing the -x, as that option does not appear in man resolvconf.
– user157600
Feb 22 '16 at 1:02
Thanks for the detailed reply. The dispatcher script causes an error in syslog: "resolvconf: Error: Command not recognized", "Usage: resolvconf (-d IFACE|-a IFACE|-u|--enable-updates|--disable-updates|--updates-are-enabled)". I think it might not be recognizing the -x, as that option does not appear in man resolvconf.
– user157600
Feb 22 '16 at 1:02
@user157600, The -x options needs
openresolv
instead of resolvconf
.– ysdx
Feb 22 '16 at 1:26
@user157600, The -x options needs
openresolv
instead of resolvconf
.– ysdx
Feb 22 '16 at 1:26
Fixed openresolv. Now I have 2 VPN and 2 ISP DNS servers in resolv.conf. Previously is was 2 VPN and 1 DNS. I do appreciate the attempt to help, but this is way out of my level of understanding of these things. I hope there can be a simpler solution somewhere.
– user157600
Feb 22 '16 at 2:31
Fixed openresolv. Now I have 2 VPN and 2 ISP DNS servers in resolv.conf. Previously is was 2 VPN and 1 DNS. I do appreciate the attempt to help, but this is way out of my level of understanding of these things. I hope there can be a simpler solution somewhere.
– user157600
Feb 22 '16 at 2:31
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f264830%2fwhy-is-my-isp-dns-still-in-resolv-conf-after-a-vpn-connection-and-how-can-this-b%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown