Hi.

On Thu, Sep 30, 2021 at 03:41:27PM +0200, Stella Ashburne wrote:
> > Of course, if you intend to use openvpn-provided DNS list only, things
> > will be more complicated.
> >
> What did you mean by "openvpn-provided DNS list only"? I didn't know that 
> OpenVPN provides a list of DNS resolvers?

I did not mean the company behind OpenVPN.
What I meant is a list of DNS servers that can be announced by the openvpn
server one's connecting to. I.e. that particular list that can be
processed on a client by /etc/openvpn/update-resolv-conf .

The limitation of update-resolv-conf in its current (as of bullseye)
form is that it does nothing to the list of the resolvers that are
configured already before the openvpn handshake. Which could lead to DNS
leaks, which are considered a bad thing by some.

Back in the day I solved that problem by using a custom dnsmasq config
and a handful of netfilter rules, these days I just use network namespaces.

Reco
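
An added illustration, not part of the original message and not code from the openvpn package: a check that lists the resolvers in a resolv.conf-style file which the VPN server did not push, i.e. the entries update-resolv-conf left in place. It assumes it runs from an OpenVPN up script, where pushed options arrive as foreign_option_N environment variables; the function names and sample addresses are made up for the example.

```shell
#!/bin/sh
# Added example. OpenVPN hands pushed options to its up/down scripts as
# foreign_option_1, foreign_option_2, ... for instance:
#   foreign_option_1='dhcp-option DNS 10.8.0.1'

# Print the DNS servers pushed by the VPN server, one per line.
pushed_dns() {
    i=1
    while :; do
        # Indirect lookup of foreign_option_$i; $i is always an integer here.
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*) printf '%s\n' "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# Print every nameserver in file $1 that the VPN server did not push.
# Queries sent to these resolvers can bypass the tunnel (a DNS leak).
leaking_resolvers() {
    pushed="$(pushed_dns)"
    awk '$1 == "nameserver" { print $2 }' "$1" | while read -r ns; do
        printf '%s\n' "$pushed" | grep -qxF -- "$ns" || printf '%s\n' "$ns"
    done
}

# Constructed sample: a host that already had 192.168.1.1 configured
# before the handshake, and a server that pushed 10.8.0.1.
foreign_option_1='dhcp-option DNS 10.8.0.1'
foreign_option_2='dhcp-option DOMAIN vpn.example'
sample="$(mktemp)"
printf 'nameserver 10.8.0.1\nnameserver 192.168.1.1\n' > "$sample"
leaking_resolvers "$sample"
rm -f "$sample"
```

On a real client the argument would be /etc/resolv.conf; any line of output is a resolver that was configured before the handshake and is still in use.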
