>From: Sebastien Marie <sema...@openbsd.org>
>To: Adam Smith <ken...@dcemail.com>
>Cc: misc@openbsd.org
>Received-On: Today 09:17
>Subject: Re: OS is leaking DNS

Hi Sebastien,

>without seeing any configuration files it is a bit complex to be sure...

Did you mean the configuration file of *.ovpn? Well, the contents of my *.ovpn file are as follows:

----start of config file------
remote 50.149.115.121 1194 tcp-client
client
tls-client
dev tun
auth-user-pass auth.txt
resolv-retry infinite
mute-replay-warnings
nobind
persist-key
persist-tun
ns-cert-type server
verb 1
remote-cert-tls server
setenv CLIENT_CERT 0
<ca>
-----BEGIN CERTIFICATE-----
{{{suppressed on request by VPN vendor}}}
-----END CERTIFICATE-----
</ca>
----end of config file------

>with my magic hat, my interpretation is:
> - you don't configure specific options in dhclient.conf, so when your
>   ISP sends you the DNS list, dhclient(8) adds it to /etc/resolv.conf

Thanks for telling me that. I know it now.

> - you added your preferred public DNS servers in resolv.conf.tail, so
>   these addresses will be *at bottom*

I see....

> - your /etc/resolv.conf should look like:
>
>nameserver ISP-DNS-address
>nameserver preferred-public-DNS-address

According to your above example, my ISP will handle DNS resolutions and if it is unable to do it, then my preferred DNS resolvers will take over the job, is that correct?

>I think what you want is to override the DNS addresses provided by your
>ISP. It could be done using dhclient.conf, with the following line for
>example:
>
>    supersede domain-name-servers 8.8.8.8;

My question: if I override/supersede my ISP's DNS servers, how will I be able to surf or ping websites the very first time I try to connect to the internet? You know, as in, for example, like after booting up OpenBSD, I launch Firefox browser and try to surf to www.unhcr.org.

>Take a look at dhclient.conf(5) man page for more information.
>
>    supersede option option-value;
>        Use option-value for the given option, regardless of the value
>        supplied by the server.

I did read that man page at least three times and am still clueless.

I wish to let you know that I don't have formal training in IT and English is not my native language.

Regards.

Adam
http://www.DCpages.com
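
Added example, not part of the original message: a shell check for the nameserver ordering discussed in this thread. It lists the nameserver lines of a resolv.conf-style file in the order they appear and flags every address that is not in the list of resolvers you expect. The function name audit_resolv_conf and the sample address 192.0.2.53 (a documentation address standing in for an ISP resolver) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the nameserver entries of a resolv.conf-style file.
# Usage: audit_resolv_conf FILE ALLOWED_ADDR...
# Prints one line per nameserver: "<position> <address> <ok|unexpected>".
# Returns 0 when every nameserver is in the allowed list, 1 when at least
# one is not, 2 when the file is unreadable or has no nameserver lines.
audit_resolv_conf() {
    file=$1
    shift
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        { sub(/[#;].*/, "") }              # drop comments
        $1 == "nameserver" && NF >= 2 {
            pos++
            status = ($2 in ok) ? "ok" : "unexpected"
            if (status == "unexpected") bad = 1
            print pos, $2, status
        }
        END {
            if (pos == 0) exit 2
            exit bad + 0
        }
    ' "$file"
}

# Constructed sample: the layout described in the thread, with a resolver
# learned from DHCP listed ahead of the preferred one from resolv.conf.tail.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' \
        'nameserver 192.0.2.53' \
        'nameserver 8.8.8.8' \
        'lookup file bind' > "$tmp"
    rc=0
    audit_resolv_conf "$tmp" 8.8.8.8 || rc=$?
    rm -f "$tmp"
    echo "exit status: $rc"
}
demo
```

On a real system the file argument would be /etc/resolv.conf, and the check is worth repeating after the lease is renewed and after the VPN tunnel comes up.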