#1 2016-04-22 23:46:53

rbaj
Member
Registered: 2016-01-27
Posts: 36

[SOLVED] Configure Unbound as a local DNS resolver for AirVPN

I'm using NetworkManager to connect to the AirVPN service. I read somewhere that there are benefits to going through their DNS, so I'd like to make sure theirs is the only one being used while I'm connected to the VPN. NetworkManager adds the VPN DNS to the top of resolv.conf when it connects, and removes it on disconnect, but doesn't remove any previous DNS entries from the list. So I could still be using my ISP's nameserver while I'm on the VPN. Apparently this is a bug in NetworkManager.

Here and here recommend using Unbound as a local DNS resolver to connect to the correct nameserver:

brebs wrote:

Basically yeah, Unbound does it all:

1. Normal Internet DNS.
2. VPN-specific DNS for the VPN IP addresses & domain - see sample config in which you tell Unbound the domain, IP range and nameserver IP address.

Then, for VPN-specific DNS lookups, Unbound will forward the request to the VPN nameserver you specified.

I set resolv.conf to use only 127.0.0.1 and use Unbound with the following conf, which is basically the default:

server:
  use-syslog: yes
  username: "unbound"
  directory: "/etc/unbound"
  trust-anchor-file: trusted-key.key
  interface: 127.0.0.1
  root-hints: "/etc/unbound/root.hints"

If I look at these three leak tests (which may or may not be accurate) dnsleaktest, grc, and ipleak without a VPN connection they show a nameserver that could well be my ISP's. If I look at them with the VPN connection they show an AirVPN server.

My question is: how does Unbound know where to send the DNS queries (VPN vs no VPN) without me having told it what the VPN nameserver is? I haven't defined a forward-zone in the conf like brebs suggested in one of the threads. Has it picked the right server by chance from a list on my machine? It's doing the right thing, but I don't understand why...

Last edited by rbaj (2016-05-18 12:40:31)
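
An added example, not part of the original posts: a check for the two things the post above describes, whether resolv.conf still lists a non-loopback nameserver next to 127.0.0.1 and whether the Unbound config contains any forward-zone clause. The sample resolv.conf and its documentation-range addresses are constructed, and the function names are this example's own.

```python
import ipaddress

# Constructed sample: the state the post describes, with the VPN resolver
# prepended and an older entry left behind (documentation-range addresses).
SAMPLE_RESOLV = "# Generated by NetworkManager\nnameserver 192.0.2.53\nnameserver 198.51.100.1\n"

# Subset of the server clause posted above; it has no forward-zone clause.
PAGE_UNBOUND_CONF = """\
server:
  interface: 127.0.0.1
  root-hints: "/etc/unbound/root.hints"
"""

def non_local_nameservers(resolv_text):
    """Return resolv.conf nameservers that are not loopback (they bypass Unbound)."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            local = ipaddress.ip_address(fields[1].split("%")[0]).is_loopback
        except ValueError:
            local = False  # unparsable entry: report it rather than trust it
        if not local:
            found.append(fields[1])
    return found

def forward_zones(unbound_text):
    """Return [{'name': ..., 'addrs': [...]}] for each forward-zone clause.
    An empty list means nothing is forwarded: Unbound resolves recursively."""
    zones, current = [], None
    for raw in unbound_text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip()
        if not key:
            continue
        if not value:  # clause header such as "server:" or "forward-zone:"
            current = {"name": None, "addrs": []} if key == "forward-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None and key == "name":
            current["name"] = value.strip('"')
        elif current is not None and key == "forward-addr":
            current["addrs"].append(value)
    return zones
```

Run both functions against the live /etc/resolv.conf and /etc/unbound/unbound.conf contents; any address returned by `non_local_nameservers` is a resolver that can be queried without going through Unbound.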

#2 2016-05-18 12:35:30

rbaj
Member
Registered: 2016-01-27
Posts: 36

Re: [SOLVED] Configure Unbound as a local DNS resolver for AirVPN

This was due to a lack of understanding on my part. With some help I've got it set up correctly. See here: https://bbs.archlinux.org/viewtopic.php?id=211856
