You can do this with dnsmasq.
Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. It loads the contents of /etc/hosts so that local hostnames which do not appear in the global DNS can be resolved and also answers DNS queries for DHCP configured hosts.
Installing dnsmasq is just a case of using apt-get.
sudo apt-get install dnsmasq
Setup dnsmasq as DNS DHCP
Looking at the file /etc/dnsmasq.conf first. The lines listed are those that I changed from their defaults. Just uncomment and amend them as necessary (remove the ‘#’ from the beginning of the line).
sudo nano /etc/dnsmasq.conf
domain-needed
bogus-priv
no-resolv
no-poll
server=/example.com/192.168.0.5
server=8.8.8.8
server=208.67.220.220
local=/example.com/
address=/doubleclick.net/127.0.0.1
no-hosts
addn-hosts=/etc/dnsmasq_static_hosts.conf
expand-hosts
domain=example.com
dhcp-range=192.168.0.20,192.168.0.50,72h
dhcp-host=mylaptop,192.168.0.199,36h
dhcp-option=option:router,192.168.0.1
dhcp-option=option:ntp-server,192.168.0.5
dhcp-option=19,0 # ip-forwarding off
dhcp-option=44,192.168.0.5 # set netbios-over-TCP/IP aka WINS
dhcp-option=45,192.168.0.5 # netbios datagram distribution server
dhcp-option=46,8 # netbios node type
What these lines will do for you.
domain-needed: This tells dnsmasq to never pass short names to the upstream DNS servers. If the name is not in the local /etc/hosts file then “not found” will be returned.
bogus-priv: All reverse IP (192.168.x.x) lookups that are not found in /etc/hosts will be returned as “no such domain” and not forwarded to the upstream servers.
no-resolv: Do not read resolv.conf to find the servers where to look up DNS.
no-poll: Do not poll resolv.conf for changes.
server=8.8.8.8: Set one or more DNS servers to use when addresses are not local. These are open DNS servers.
local=/example.com/: Our local domain; queries in these domains are answered from /etc/hosts or the static-hosts files.
address=/doubleclick.net/127.0.0.1: Use this to force an address for the specified domains, e.g. to block adverts force doubleclick.net to localhost.
no-hosts: This option stops dnsmasq from using the local /etc/hosts file as a source for lookups.
addn-hosts=/etc/dnsmasq_static_hosts.conf: Force dnsmasq to use this file for lookups. It is in the same format as /etc/hosts.
expand-hosts: So we can see our local hosts via our home domain without having to repeatedly specify the domain in our /etc/hosts file.
domain: This is your local domain name. It will tell the DHCP server which host to give out IP addresses for.
dhcp-range: This is the range of IPs that DHCP will serve: 192.168.0.20 to 192.168.0.50, with a lease time of 72 hours. The lease time is how long that IP will be linked to a host.
dhcp-host=mylaptop,192.168.0.199,36h: Any machine saying they are hostname = ‘mylaptop’ gets this IP address.
dhcp-option=option:router,192.168.0.1: When a host is requesting an IP address via DHCP also tell it the gateway to use.
dhcp-option=option:ntp-server,192.168.0.5: When a host is requesting an IP address via DHCP also tell it the NTP to use.
In the file /etc/dnsmasq_static_hosts.conf you can add a list of local machines with static IP addresses in the same format as the hosts file. It is also an easy way of creating aliases or CNAME records.
192.168.0.8 mail mail.example.com
192.168.0.9 smtp smtp.example.com
192.168.0.120 mythtvbox mythtvbox.example.com
Starting and stopping the service
sudo service dnsmasq start
sudo service dnsmasq stop
sudo service dnsmasq restart
And one more thing to do: terminate all other DHCP servers on the local network. Your DHCP/DNS server must be the only one.
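A way to check a dnsmasq.conf for the forwarding options explained in the answer above. This is an added example, not part of the original answer; the function name `audit_dnsmasq_conf` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a dnsmasq.conf for the forwarding options above.
# Simplification: anything after '#' on a line is treated as a comment.

audit_dnsmasq_conf() {
    conf=$1
    lines=$(sed -e 's/[[:space:]]*#.*$//' -e 's/^[[:space:]]*//' \
                -e '/^$/d' "$conf")

    # Short names and private reverse lookups should never go upstream.
    for opt in domain-needed bogus-priv; do
        printf '%s\n' "$lines" | grep -qx -- "$opt" || echo "missing $opt"
    done

    # Default upstreams are server= lines without a /domain/ part.
    upstreams=$(printf '%s\n' "$lines" | sed -n 's/^server=\([^/].*\)$/\1/p')
    if printf '%s\n' "$lines" | grep -qx 'no-resolv'; then
        [ -n "$upstreams" ] ||
            echo "no-resolv set but no upstream server= line"
    else
        echo "no-resolv not set: upstreams also come from resolv.conf"
    fi

    # Names in the local domain should be answered locally (local=/DOMAIN/)
    # or routed to a named server (server=/DOMAIN/IP), not sent to the
    # default upstreams.
    domain=$(printf '%s\n' "$lines" |
        sed -n 's/^domain=\([^,]*\).*$/\1/p' | head -n 1)
    if [ -n "$domain" ] && ! printf '%s\n' "$lines" |
            grep -qF -e "local=/$domain/" -e "server=/$domain/"; then
        echo "domain $domain is not kept local (no local=/$domain/)"
    fi
    return 0
}

# Constructed sample config with three problems.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#domain-needed
bogus-priv
server=8.8.8.8
domain=example.com
dhcp-option=19,0 # ip-forwarding off
EOF
audit_dnsmasq_conf "$sample"
rm -f "$sample"
```

An empty result means none of these checks fired; `dnsmasq --test` can then be used to confirm the file parses.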
This is not a direct answer to the question (I don't know why /etc/resolv.conf is not properly updated -- but regardless of why, the real problem is that it isn't), but rather a solution to the underlying problem. After trying a LOT of things I read here and elsewhere, this is the only thing that finally worked for me:
In /etc/systemd/resolved.conf, change "yes" to "no" in this line (and uncomment if necessary) so that you end up with:
DNSStubListener=no
I believe what this does is tell the system not to look at /etc/resolv.conf (which in my case was directing it to 127.0.0.53 only -- it did not have the name servers OpenVPN was providing, as the original question mentions) for DNS. My guess is that being disallowed from relying upon /etc/resolv.conf forces it to fall back on the other (correct) DNS settings OpenVPN is providing.
Note that this will not work (at least it didn't for me) while dnsmasq is running, so if you have that installed, stop the service and set it not to run.
Note that this assumes Ubuntu 18.04, and perhaps that other solutions mentioned here and elsewhere are already implemented, including having openvpn-systemd-resolved and resolvconf installed, and including the necessary lines in the .ovpn file:
script-security 2
up /etc/openvpn/update-systemd-resolved
up-restart
down /etc/openvpn/update-systemd-resolved
down-pre
Although I suspect that this fix renders that all irrelevant since it is getting DNS from somewhere besides /etc/resolv.conf, which I believe is what the update-systemd-resolved scripts are supposed to fix (but don't for some people).
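A lint for the .ovpn directives listed in the answer above, useful when the hooks silently do nothing. This is an added example, not part of the original answer; the function name `check_ovpn_dns_hooks` and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an .ovpn profile for the DNS-hook directives above.
# Simplification: anything after '#' or ';' on a line is treated as a comment.

check_ovpn_dns_hooks() {
    profile=$1
    lines=$(sed -e 's/[[:space:]]*[#;].*$//' -e 's/^[[:space:]]*//' \
                -e '/^$/d' "$profile")

    # User-defined scripts only run at script-security level 2 or higher.
    level=$(printf '%s\n' "$lines" |
        awk '$1 == "script-security" { print $2; exit }')
    case $level in
        '')  echo "script-security not set: up/down scripts will not run" ;;
        0|1) echo "script-security $level is too low for up/down scripts" ;;
    esac

    # Both hooks must be configured and point at an executable file.
    for hook in up down; do
        path=$(printf '%s\n' "$lines" |
            awk -v h="$hook" '$1 == h { print $2; exit }')
        if [ -z "$path" ]; then
            echo "no $hook script configured"
        elif [ ! -x "$path" ]; then
            echo "$hook script $path is missing or not executable"
        fi
    done

    # up-restart reruns the hooks on restart; down-pre runs the down script
    # before the tunnel device is closed.
    for flag in up-restart down-pre; do
        printf '%s\n' "$lines" | grep -qx -- "$flag" || echo "missing $flag"
    done
    return 0
}

# Constructed sample profile: directive written with a space, no up-restart.
sample=$(mktemp)
cat > "$sample" <<'EOF'
script security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
EOF
check_ovpn_dns_hooks "$sample"
rm -f "$sample"
```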
Best Answer
The information is managed internally by Network Manager. You can get this information on the command line using the included nmcli tool.
You can retrieve Network Manager's information for a particular network interface with the following command:
(replace eth0 with the interface you are connecting with). The output will include information about the interface and the currently active connection on that interface:
It shouldn't be too difficult to extract the information you are after from this output.
If you need a programmatic method of accessing this data that doesn't rely on the output of nmcli, this information should also be available from Network Manager's D-Bus interface.