On Thu 30 Sep 2021 at 15:17:03 (+0200), Stella Ashburne wrote: > > Sent: Thursday, September 30, 2021 at 1:38 PM > > From: "David Wright" <deb...@lionunicorn.co.uk> > > > > My usual strategy is to let the Debian installer set the dns server to > > IP address of the router, and configure the router to query 8.8.8.8/1.1.1.1. > > It's not ideal if you have a router that doesn't "belong" to you, > > ie that you can't configure yourself. > > > In the past I used to let the Debian installer set the DNS resolver for me. > But you know what? When I did that, I found out that Debian added 192.163.1.1 > as one of the DNS resolvers. This was and is a No!No! for me because of > possible DNS leaks when I used a commercial VPN provider.
Is 192.163.1.1 a typo for 192.168.1.1? Or do you really mean that you were using a resolver at Texas Instruments? Let's assume the former. 192.168.1.1 looks like the d-i ran a DHCP client to get an address for your PC, and that the DHCP server that responded was probably your router, address 192.168.1.1, and so the d-i figured that your router would be able to resolve DNS. If it couldn't, it would pass the request through to whichever resolvers were set up in the router (by you). This is all standard practice. As I said, you are free to override it, and I gave one possible hack. (Hack because I haven't tried to keep up with the proper commands since it was mingled with systemd, and sprouted resolvctl.) The idea behind resolvconf is that when you connect to a different network (say, in a hotel), or to a VPN, it can update the resolver addresses in /etc/resolv.conf to suit, and reverse them when you disconnect. If you only ever want a fixed set of DNS resolvers, then I don't think you need resolvconf at all. Some people even make /etc/resolv.conf immutable. Cheers, David.