You are not logged in.
I had dnscrypt-proxy in use on my laptop before I signed up at a VPN provider, and dnscrypt-proxy is set up to only use random DNS servers that support DNSCrypt + DoH + DNSSEC + NoLog + NoFilter.
When I connect to the VPN (via OpenVPN), the DNS servers of the VPN provider are not used, so dnscrypt-proxy is doing its thing as before, resulting in a DNS Leak (which I guess should not be relevant due to the use of such dnscrypt-proxy setup).
I generally trust the VPN provider that I have chosen, which is not located in one of the 14 eyes countries and has a no-logging policy, so I'd say nothing should speak against using the VPN provider's DNS servers.
Right now I'm not sure which method is the most useful privacy-wise, so if to stick to the DNS servers that dnscrypt-proxy chooses or to just use the DNS servers of the VPN provider, but the problem is now that in my current setup with GNOME using NetworkManager on Arch Linux including openresolv to manage /etc/resolv.conf I have not found a way to make use of the VPN's DNS servers as it always uses dnscrypt-proxy running on the loopback interface).
So /etc/resolv.conf is managed by openresolv and /etc/resolvconf.conf was set up as follows:
$ cat /etc/resolvconf.conf
resolv_conf=/etc/resolv.conf
resolv_conf_options="edns0 single-request-reopen"
name_servers="127.0.0.1 ::1"Whenever the VPN connects (or if any other connection goes up/down) /etc/resolv.conf remains unchanged:
$ cat /etc/resolv.conf
# Generated by resolvconf
search fritz.box
nameserver 127.0.0.1
nameserver ::1
options edns0 single-request-reopenI tried several options after reading the manpage of resolvconf.conf, but whatever I tried the desired behavior did not succeed. It either stayed the same, or added the name servers in undesired order.
The desired outcome would be to have /etc/resolv.conf as shown (with the local dnscrypt-proxy only) when not connected to the VPN, and if connected to the VPN use the VPN's DNS servers for external name resolution and the local dnscrypt-proxy for internal name resolution.
openresolv / resolvconf.conf works with subscriber options, but it does not ship with a subscriber for dnscrypt-proxy. I also found no way to make dnscrypt-proxy use the VPN's DNS as upstream servers when the VPN is up and let it do its own thing when the VPN is down.
Any ideas?
Offline