#1 2016-05-10 13:53:04

zebulon
Member
Registered: 2008-10-20
Posts: 358

NetworkManager, VPN and DNS settings: how to disable "parent" DNS?

Hi,

I use NetworkManager in KDE (plasma-nm). I had no problem configuring my Wifi and an OpenVPN connection. However, I would like to use specific DNS when connected via the VPN, and this is where I have some difficulties.

When using my Wifi without VPN, the IPv4 addresses are all configured to auto setting. My router at 192.168.1.1 provides both an IPv4 (via DHCP) and DNS addresses from my ISP. /etc/resolv.conf contains:

nameserver 192.168.1.1

For the VPN, I used "Automatic (VPN) address only" for getting the IPv4 address from my VPN server, but used some other DNS addresses than my router (as in XXX.YYY.ZZZ.WWW). However, after connecting, /etc/resolv.conf contains:

nameserver XXX.YYY.ZZZ.WWW
nameserver 192.168.1.1

Unfortunately, this leads to the leakage of the DNS servers of my ISP, as nameserver 192.168.1.1 is still in /etc/resolv.conf.

How can I ask NM not to use the "parent" DNS?
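
A check for the condition described in this post, added here as an example (it is not part of the original post and is not NetworkManager code): it lists every nameserver in a resolv.conf-format file that is not on an allow-list of VPN DNS servers. The function name `unexpected_nameservers` and the address 203.0.113.53, which stands in for XXX.YYY.ZZZ.WWW, are assumptions.

```sh
#!/bin/sh
# Added example: report nameservers that are not on an allow-list.
# Usage: unexpected_nameservers FILE ALLOWED_IP [ALLOWED_IP ...]
# Prints one unexpected nameserver per line.
# Returns 0 if every nameserver is allowed, 1 if at least one is not.
unexpected_nameservers() {
    file=$1; shift
    # Pad with spaces so only whole addresses match (1.1.1.1 vs 11.1.1.1).
    allowed=" $* "
    awk -v allowed="$allowed" '
        # Only lines whose first field is "nameserver" count; comment
        # lines start with "#" or ";" and are skipped by this test.
        $1 == "nameserver" && NF >= 2 {
            if (index(allowed, " " $2 " ") == 0) { print $2; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$file"
}

# Constructed sample matching the post: the VPN DNS comes first, but the
# router DNS from the Wifi connection is still listed after it.
sample=$(mktemp)
printf '%s\n' \
    '# Generated by NetworkManager' \
    'nameserver 203.0.113.53' \
    'nameserver 192.168.1.1' > "$sample"

if leaked=$(unexpected_nameservers "$sample" 203.0.113.53); then
    echo "OK: only VPN nameservers are configured"
else
    echo "LEAK: non-VPN nameserver(s) present: $leaked"
fi
rm -f "$sample"
```

On a live system, pass /etc/resolv.conf and the real VPN DNS addresses after the VPN connection is up.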

#2 2016-05-11 20:04:32

nixpunk
Member
Registered: 2009-11-23
Posts: 271

Re: NetworkManager, VPN and DNS settings: how to disable "parent" DNS?

I'm not sure how or if you can do this using NM, since I do not use it.  One solution would be to simply create a firewall rule to only allow lookups to specific nameserver IPs or ranges.  This is one way to stop the leak.

#3 2016-05-12 12:25:37

wudu
Member
Registered: 2010-03-08
Posts: 83

Re: NetworkManager, VPN and DNS settings: how to disable "parent" DNS?

In NM you can choose "Automatic (DHCP), addresses only" (could be slightly different because I'm using another system language). This prevents your LAN connection from obtaining the DNS server from DHCP.

Last edited by wudu (2016-05-12 12:26:28)

#4 2016-05-16 10:15:39

zebulon
Member
Registered: 2008-10-20
Posts: 358

Re: NetworkManager, VPN and DNS settings: how to disable "parent" DNS?

wudu wrote:

In NM you can choose "Automatic (DHCP), addresses only" (could be slightly different because I'm using another system language). This prevents your LAN connection from obtaining the DNS server from DHCP.

This is exactly what I use. This allows you to redefine the DNS server addresses. The only issue is that the DNS addresses are added to the original (non-VPN) one, and you would want them to replace it. This could be a bug in NM actually, I may need to look into their support.

#5 2016-05-17 10:42:27

rbaj
Member
Registered: 2016-01-27
Posts: 36

Re: NetworkManager, VPN and DNS settings: how to disable "parent" DNS?

This is a bug in NM. I can't find the bug report at the moment but it's made a lot of people frustrated! You could try this approach and turn off DNS management by NM: https://bbs.archlinux.org/viewtopic.php?id=211856

Edit: I think this is the bug report https://bugs.launchpad.net/ubuntu/+sour … ug/1211110

Last edited by rbaj (2016-05-17 10:47:02)

#6 2016-05-17 10:45:57

zebulon
Member
Registered: 2008-10-20
Posts: 358

Re: NetworkManager, VPN and DNS settings: how to disable "parent" DNS?

Thanks a lot rbaj. Very useful. Indeed it looks like a bug, bizarre they have not fixed such a simple thing. Otherwise, is using an OpenNIC DNS server a good thing? They say they do not keep logs, so could they be used as "parent" DNS meanwhile?

#7 2016-05-17 10:49:04

rbaj
Member
Registered: 2016-01-27
Posts: 36

Re: NetworkManager, VPN and DNS settings: how to disable "parent" DNS?

Yeah, I used OpenNIC before I got unbound working. If you don't mind DNS requests going outside the VPN then it seems like a good solution to me.

#8 2016-05-17 13:10:19

zebulon
Member
Registered: 2008-10-20
Posts: 358

Re: NetworkManager, VPN and DNS settings: how to disable "parent" DNS?

Thank you rbaj.

I think I found the bug report you were talking about: https://bugzilla.gnome.org/show_bug.cgi?id=738647

Last edited by zebulon (2016-05-17 13:17:36)