On 2018-11-15 12:03, Jan Just Keijser wrote:
> Hi,
>
> On 13/11/18 23:38, MRob wrote:
>> I use the "push dhcp-option DNS..." option to give DNS to clients, which works great. But when connecting, the client log shows the local backup DNS:
>>
>> Nov 14 01:14:22 mara dnsmasq[2719]: reading /etc/resolv.conf
>> Nov 14 01:14:22 mara dnsmasq[2719]: using nameserver 10.10.15.1#53
>> Nov 14 01:14:22 mara dnsmasq[2719]: using nameserver 192.168.0.1#53
>> Nov 14 01:14:22 mara dnsmasq[2719]: using nameserver 2602:411:23da:210::1#53
>>
>> The last two are for the local home router. I read that the --resolv-retry default is infinite; however, I think I saw behaviour where a client falls back to local DNS when a DNS query failed on the OpenVPN host (server). I'm not sure, but maybe the DNS response came back NXDOMAIN so the client tried its other DNS servers.
>>
>> I want to invalidate all local DNS lookups to be sure there is no leaking. I want to do it in the OpenVPN config if possible (client or server).
>
> it looks like your client is running Linux/BSD. On those platforms
> there is no automatic way to invalidate local DNS settings (like the
> Windows client block-outside-dns feature). You will have to resort to
> rolling out your own 'invalidate local DNS settings' for your
> clients.  There certainly is no way to *enforce* the blocking of local
> DNS stuff - if a client wants to continue using his/her own DNS
> settings, then he/she may do so.
>
> HTH,

HTH? yes! I didn't know block-outside-dns! I will push it for Windows use.

Can you tell me if block-outside-dns works on other platforms, like Android or iPhone?

Also, would you be able to help me find documentation or a how-to for creating a Linux script to remove outside DNS after connecting to the VPN? Can the script be run from a post-connect hook on the client side?


_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
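Added example, not code from either poster, of the "roll your own" approach Jan describes and the client-side script MRob asks about. OpenVPN has no separate post-connect hook on the client; the `--up`/`--down` scripts are the equivalent, and every pushed `dhcp-option DNS` value the client does not consume itself arrives in the script environment as `foreign_option_1`, `foreign_option_2`, and so on. The file paths are assumptions; the script assumes a plain `/etc/resolv.conf` that dnsmasq re-reads, as in the log above.

```shell
#!/bin/sh
# Added example, not code from either poster: an OpenVPN client --up/--down
# hook for Linux that leaves only the server-pushed DNS servers in
# /etc/resolv.conf (which dnsmasq re-reads, as in the log above) and restores
# the original file on disconnect. Enable it in the client config with:
#   script-security 2
#   up   /etc/openvpn/vpn-dns.sh
#   down /etc/openvpn/vpn-dns.sh
# Paths below are assumptions; adjust for your distribution.

RESOLV=${RESOLV:-/etc/resolv.conf}
BACKUP=${BACKUP:-/etc/resolv.conf.openvpn-backup}

# OpenVPN exports every pushed option it does not consume itself as
# foreign_option_1, foreign_option_2, ... e.g. "dhcp-option DNS 10.10.15.1".
# Print the address of each pushed DNS server, one per line.
pushed_dns() {
    i=1
    while eval "opt=\${foreign_option_$i:-}"; [ -n "$opt" ]; do
        case "$opt" in
            "dhcp-option DNS "*) echo "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# Emit the replacement resolv.conf: pushed servers only, so the home router
# (192.168.0.1 etc.) can no longer be tried as a fallback. Fails if nothing
# was pushed, so the caller leaves the system file untouched.
build_resolv() {
    servers=$(pushed_dns)
    [ -n "$servers" ] || return 1
    printf '# generated by openvpn up hook; local resolvers intentionally removed\n'
    for s in $servers; do
        printf 'nameserver %s\n' "$s"
    done
}

# OpenVPN sets script_type to "up" or "down" when it invokes the hook.
case "${script_type:-}" in
    up)
        body=$(build_resolv) || { echo "no DNS pushed; $RESOLV left alone" >&2; exit 0; }
        cp "$RESOLV" "$BACKUP"
        printf '%s\n' "$body" > "$RESOLV"
        ;;
    down)
        [ -f "$BACKUP" ] && mv "$BACKUP" "$RESOLV"
        ;;
esac
```

This only rewrites the resolver file; as Jan notes, nothing stops a client that deliberately keeps its own DNS settings, so treat it as leak prevention for cooperating clients, not enforcement.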
