What the heck is Split-DNS and why do I want it?

If you have a split-tunnel VPN connection and you only want to resolve certain domains over the connection then Split-DNS is for you. Split-DNS will allow you to specify certain domains that should be resolved using the DNS servers on your VPN connection.

Starting Point

This article assumes you have a working split-tunnel VPN connection that has working routing and that you can reach the DNS servers on that connection.

It also assumes that either the OpenVPN server is not sending you any search domains, or the search domains are wrong.

Pre-Requisites

Since we are on Ubuntu with systemd we need to install the OpenVPN helper script:

sudo apt install openvpn-systemd-resolved

OpenVPN Config File Option

If you are using a .ovpn file for your connection, update your OpenVPN config to replace or add the up/down scripts:

script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE somedomain.com
dhcp-option DOMAIN-ROUTE someotherdomain.com

Note: You can push all DNS traffic over the VPN by routing the root domain:

dhcp-option DOMAIN-ROUTE .

Network Manager Option

If you are using Network Manager for your OpenVPN connection, you will need to use nmcli to set ipv4.dns-search:

sudo nmcli connection modify VPNConnectionName ipv4.dns-search "~somedomain.com,~someotherdomain.com"

Note: You can set DNS search suffixes and DNS routing at the same time by omitting the ~ (a domain without the ~ prefix is used both as a search suffix and for routing).

Note: You can push all DNS traffic over the VPN using ~* instead.

Useful Commands

To see what the current DNS routing is use resolvectl.

To clear the DNS cache use sudo resolvectl flush-caches.
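As an added example (not from the original post), here is a small POSIX shell check that parses resolvectl status output and confirms that the domains you configured are attached to the VPN link as routing-only (~) domains rather than plain search suffixes. It assumes the VPN interface is called tun0 and that the "DNS Domain:" entry fits on one line; the sample status text is constructed so the check runs offline.

```shell
# Added example, not from the original post: confirm that systemd-resolved
# has the expected routing-only (~) domains attached to the VPN link.
# Assumptions: the VPN interface is "tun0" and the "DNS Domain:" entry fits
# on one line of `resolvectl status` output.

# CONSTRUCTED sample of `resolvectl status` output so the check runs offline.
SAMPLE_STATUS='Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp3s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute
       DNS Servers: 192.0.2.1
        DNS Domain: home.example

Link 5 (tun0)
    Current Scopes: DNS
         Protocols: -DefaultRoute
       DNS Servers: 10.8.0.1
        DNS Domain: ~somedomain.com ~someotherdomain.com'

# Print the "DNS Domain:" value for one link.  $1 = status text, $2 = link name
link_domains() {
    printf '%s\n' "$1" | awk -v link="$2" '
        /^Link [0-9]+ \(/ { inlink = (index($0, "(" link ")") > 0) }
        inlink && /DNS Domain:/ { sub(/.*DNS Domain:[ \t]*/, ""); print; exit }'
}

# Succeed only if every domain given is a routing-only (~) domain on the link.
# $1 = status text, $2 = link name, $3.. = domains (without the ~)
check_split_dns() {
    status=$1; link=$2; shift 2
    domains=$(link_domains "$status" "$link")
    for d in "$@"; do
        case " $domains " in
            *" ~$d "*) ;;   # routed to this link's DNS servers only: what we want
            *" $d "*)  echo "$d is a search suffix on $link, not routing-only (missing ~)"; return 1 ;;
            *)         echo "$d is not routed via $link"; return 1 ;;
        esac
    done
    echo "all domains routed via $link"
}

# Real run (needs resolvectl):
# check_split_dns "$(resolvectl status)" tun0 somedomain.com someotherdomain.com
```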

More Reading