NOTES: DNS without and with VPN + how to preserve local behavior when connected

[HenrikBengtsson]

Disconnected from VPN

When not connected to the VPN, I use the following nameserver to map hostnames to IP addresses:

$ dig ucsf.edu | grep SERVER
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)

This is because:

$ cat /etc/resolv.conf 
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
...
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .

Connected to VPN

When connected to the VPN, I see:

$ dig ucsf.edu | grep SERVER
;; SERVER: 128.218.xxx.xxx#53(128.218.xxx.xxx) (UDP)

which is because:

#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
...

options edns0 trust-ad
nameserver 128.218.xxx.xxx
nameserver 128.218.xxx.xxx
search . ucsf.edu

Comment: I've masked the exact IP numbers.

[HenrikBengtsson]

In ucsf-vpn (>= 6.0.0), we can tweak this using the new "flavor" feature such that we get:

options edns0 trust-ad
nameserver 127.0.0.53
nameserver 128.218.xxx.xxx
nameserver 128.218.xxx.xxx
search . ucsf.edu

which will result in hostnames being resolved by the local, default nameserver, before the VPN provided ones.

For this to work, add a file ~/.config/ucsf-vpn/flavors/localdns/connect.sh with content https://github.com/HenrikBengtsson/ucsf-vpn/blob/develop/flavors/localdns/connect.sh.