3

I'm in a WLAN which is censoring web sites by their DNS server.

As I don't want to be censored, I use a VPN (OpenVPN, NetworkManager) for all of my traffic.

If I try to resolve a domain, NetworkManager's dnsmasq asks both their DNS server and mine (VPN). Now the censorship depends on which DNS server responds first.

How do I get rid of that? (IMO) There is (also technically) no need to ask their DNS server as the VPN is "on top of" the WLAN.

[Edit] As requested:

  • NetworkManager uses dnsmasq.
  • pgrep dnsmasq -a
    • 2766 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d
  • cat /etc/resolv.conf
    • nameserver 127.0.1.1
  • I don't use dhclient at all.
3
  • Do you use dnsmasq? If so, what is the output of: pgrep dnsmasq -a, what is in your resolv.conf, and do you use dhclient? Commented Mar 13, 2017 at 18:39
  • 1) NetworkManager uses dnsmasq. 2) 2766 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.1.1 --cache-size=0 --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d 3) nameserver 127.0.0.1 4) No. Commented Mar 13, 2017 at 18:52
  • 2
    Edit your question. Do not cram requested information into illegible comments. This is why questions are editable. Commented Mar 13, 2017 at 20:10

2 Answers

4

If you don't want the DNS server from the LAN, configure ipv4.no-auto-dns on that WLAN. You don't need a VPN to avoid the limited DNS server, just configure a static address like 'ipv4.dns=8.8.8.8'.

Recent versions also have ipv4.dns-priority. If you set the priority of your VPN to a negative number, no DNS servers from your other connections are added. The VPN nameservers are then used exclusively.

See man nm-settings

2
  • A negative ipv4.dns-priority does the job. Thank you very much! Commented Mar 14, 2017 at 13:41
  • Thank you for this answer. I wonder why the Ubuntu bug trackers about this issue do not suggest this. Commented May 15, 2018 at 13:35
2

As thaller said, you can set the ipv4.dns-priority parameter of your VPN connection to a negative number. Doing that, only VPN DNS settings are used, including DNS servers and search domain.

This parameter is not configurable from the network settings UI, but you can set it using the NetworkManager command line tool, nmcli.

$ nmcli connection modify <vpn_connection_name> ipv4.dns-priority -50 

More info:
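
The priority rule both answers rely on, as an added example that is not part of the original answers: a small shell model of the ipv4.dns-priority rules documented in man nm-settings (0 means default, which is 50 for VPNs and 100 otherwise; a negative lowest value excludes every connection with a greater value). The pipe-separated input format, the connection names and the addresses are constructed for this example.

```shell
#!/bin/sh
# Added example: models NetworkManager's documented ipv4.dns-priority rules
# (man nm-settings) to show which connections contribute DNS servers.
# Input format is an assumption for this example, one active connection per line:
#   name|type|ipv4.dns-priority|space-separated DNS servers
# On a real system the priority can be read per connection with
#   nmcli -g ipv4.dns-priority connection show <name>

effective_dns() {
    # Reads records on stdin, prints the DNS servers that would be used, in order.
    awk -F'|' '
    {
        prio = $3 + 0
        # Priority 0 means "default": 50 for VPNs, 100 for other connections.
        if (prio == 0) prio = ($2 == "vpn") ? 50 : 100
        p[NR] = prio; s[NR] = $4
        if (NR == 1 || prio < min) min = prio
    }
    END {
        # Stable selection by ascending priority (lower value = higher priority).
        for (i = 1; i <= NR; i++) done[i] = 0
        out = ""
        for (n = 1; n <= NR; n++) {
            best = 0
            for (i = 1; i <= NR; i++)
                if (!done[i] && (best == 0 || p[i] < p[best])) best = i
            done[best] = 1
            # A negative lowest priority excludes every connection with a greater value.
            if (min < 0 && p[best] > min) continue
            out = out (out == "" ? "" : " ") s[best]
        }
        print out
    }'
}

# Constructed sample data (addresses from documentation ranges).
before='wlan-cafe|802-11-wireless|0|192.0.2.53
work-vpn|vpn|0|198.51.100.1'
after='wlan-cafe|802-11-wireless|0|192.0.2.53
work-vpn|vpn|-50|198.51.100.1'

printf 'default priorities: %s\n' "$(printf '%s\n' "$before" | effective_dns)"
printf 'vpn priority -50:   %s\n' "$(printf '%s\n' "$after" | effective_dns)"
```

With default priorities both servers are handed to the resolver, which is the situation the question describes; with -50 on the VPN only the VPN's server remains.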
