Hi,

On 13/11/18 23:38, MRob wrote:
I use "push dhcp-option DNS..." option to give DNS to client, works great. But 
when connecting client log shows local backup DNS:

Nov 14 01:14:22 mara dnsmasq[2719]: reading /etc/resolv.conf
Nov 14 01:14:22 mara dnsmasq[2719]: using nameserver 10.10.15.1#53
Nov 14 01:14:22 mara dnsmasq[2719]: using nameserver 192.168.0.1#53
Nov 14 01:14:22 mara dnsmasq[2719]: using nameserver 2602:411:23da:210::1#53

The last two are for the local home router. I read that the --resolv-retry default is infinite; however, I think I saw behavior where a client falls back to local DNS when a DNS query failed on the OpenVPN host (server). I'm not sure, but maybe the DNS response came back NXDOMAIN so the client tried its other DNS servers.

I want to invalidate all local DNS lookups to be sure there is no leaking. I want to do it in the OpenVPN config if possible (client or server).

It looks like your client is running Linux/BSD. On those platforms there is no automatic way to invalidate local DNS settings (like the Windows client block-outside-dns feature). You will have to resort to rolling out your own 'invalidate local DNS settings' for your clients. There certainly is no way to *enforce* the blocking of local DNS stuff - if a client wants to continue using his/her own DNS settings, then he/she may do so.

HTH,

JJK



_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
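
One way to roll your own "invalidate local DNS settings" on a Linux client, as an added example that is not part of the original thread or of OpenVPN itself. It relies on OpenVPN exporting each pushed `dhcp-option` to `--up` scripts as `foreign_option_N`; the function names and the `.pre-vpn` backup suffix are hypothetical.

```shell
#!/bin/sh
# Added example: keep only the DNS servers pushed by the OpenVPN server.
# A pushed "dhcp-option DNS 10.10.15.1" reaches the --up script as
# foreign_option_1='dhcp-option DNS 10.10.15.1', and so on.

# Print resolv.conf content built only from pushed options.
vpn_resolv_conf() {
    i=1
    out=""
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*)
                addr=${opt#dhcp-option DNS }
                case "$addr" in
                    ""|*[!0-9A-Fa-f:.]*) ;;  # skip anything that is not an IP literal
                    *) out="${out}nameserver ${addr}
" ;;
                esac ;;
            "dhcp-option DOMAIN "*)
                out="${out}search ${opt#dhcp-option DOMAIN }
" ;;
        esac
        i=$((i + 1))
    done
    # Nothing usable pushed: fail instead of leaving the client without DNS.
    [ -n "$out" ] || return 1
    printf '%s' "$out"
}

# --up side: back up the local file once, then replace it entirely,
# so the home-router resolvers are no longer listed as fallbacks.
apply_vpn_dns() {
    target=$1
    new=$(vpn_resolv_conf) || return 1
    [ -f "$target.pre-vpn" ] || cp "$target" "$target.pre-vpn"
    printf '%s\n' "$new" > "$target"
}

# --down side: put the pre-VPN resolvers back.
restore_dns() {
    target=$1
    if [ -f "$target.pre-vpn" ]; then
        mv "$target.pre-vpn" "$target"
    fi
}
```

Call `apply_vpn_dns /etc/resolv.conf` from the client's `--up` script and `restore_dns /etc/resolv.conf` from `--down` (both require `script-security 2`). This assumes `/etc/resolv.conf` is the file the local resolver actually reads, as dnsmasq does in the log above, and the user can still undo it.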
