Can't get DNS to work

[help777 0]

When I access a site in my browser it says it can't connect to that site's DNS. I'm on ArchLinux, and here are my config files:

 

/etc/resolvconf.conf

 

# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details

resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
#name_servers=127.0.0.1
name_servers=127.0.0.1
dnsmasq_resolv=/etc/dnsmasq-resolv.conf

 

/etc/dnsmasq.conf (added to that file)

 

resolv-file=/etc/dnsmasq-resolv.conf
conf-dir=/etc/dnsmasq.d

Then I ran sudo resolvconf -u, which updates these 2 files:

 

/etc/dnsmasq-resolv.conf

# Generated by resolvconf
nameserver 11.22.33.44        <----- this is my ISP's DNS server

 

 

/etc/resolv.conf

# Generated by resolvconf
nameserver 127.0.0.1

 

I added these lines to the end of the AirVPN .ovpn file, as specified in https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/. The /etc/openvpn/update-resolv-conf file exists, is up to date, and is executable.

 

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

 

Now when I do sudo systemctl start openvpn@airvpn-uk.service, I can't access any sites. How could I fix this? I think the issue is that /etc/dnsmasq-resolv.conf is showing my ISP's DNS even after connecting to the VPN.

[LZ1 672]

Hello!

 

If you're trying to use the Eddie client, please use the experimental version. Just a heads up .

[zhang888 1066]

Where does that ISP DNS comes from the first place?

dnsmasq cannot update the tunnel DNS in your case.

What is the content of your /etc/openvpn/update-resolv-conf?

[help777 0]

If you're trying to use the Eddie client, please use the experimental version. Just a heads up .

 

I'm trying not to use the client but just plain OpenVPN.

 

Where does that ISP DNS comes from the first place?

dnsmasq cannot update the tunnel DNS in your case.

What is the content of your /etc/openvpn/update-resolv-conf?

 

The file is exactly the same as in https://github.com/masterkorp/openvpn-update-resolv-conf/blob/994574f36b9147cc78674a5f13874d503a625c98/update-resolv-conf.sh

[zhang888 1066]

Please post the OpenVPN logs after connecting to the VPN (at the point your DNS servers are not updated but VPN is connected)

and the output of "which resolvconf" command.

[help777 0]

output of "which resolvconf" command

$ which resolvconf
/usr/bin/resolvconf

Please post the OpenVPN logs after connecting to the VPN (at the point your DNS servers are not updated but VPN is connected)

 

$ sudo systemctl status openvpn@airvpn-uk.service
● openvpn@airvpn-uk.service - OpenVPN connection to airvpn-uk
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2016-11-26 22:27:35 CET; 22s ago
     Docs: man:openvpn(8)
  Process: 19163 ExecStart=/usr/bin/openvpn --cd /etc/openvpn --config %i.conf --daemon openvpn@%i --writepid /run/openvpn@%i.pid --status-version 2 (code=exited, status=0/SUCCESS)
 Main PID: 19164 (openvpn)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-openvpn.slice/openvpn@airvpn-uk.service
           └─19164 /usr/bin/openvpn --cd /etc/openvpn --config airvpn-uk.conf --daemon openvpn@airvpn-uk --writepid /run/openvpn@airvpn-uk.pid --status-version 2

Nov 26 22:27:38 comp1 openvpn@airvpn-uk[19164]: TUN/TAP device tun0 opened
Nov 26 22:27:38 comp1 openvpn@airvpn-uk[19164]: TUN/TAP TX queue length set to 100
Nov 26 22:27:38 comp1 openvpn@airvpn-uk[19164]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 26 22:27:38 comp1 openvpn@airvpn-uk[19164]: /usr/bin/ip link set dev tun0 up mtu 1500
Nov 26 22:27:38 comp1 openvpn@airvpn-uk[19164]: /usr/bin/ip addr add dev tun0 10.4.7.169/16 broadcast 10.4.255.255
Nov 26 22:27:38 comp1 openvpn@airvpn-uk[19164]: /etc/openvpn/update-resolv-conf tun0 1500 1558 10.4.7.169 255.255.0.0 init
Nov 26 22:27:43 comp1 openvpn@airvpn-uk[19164]: /usr/bin/ip route add 46.166.165.124/32 via 192.168.1.1
Nov 26 22:27:43 comp1 openvpn@airvpn-uk[19164]: /usr/bin/ip route add 0.0.0.0/1 via 10.4.0.1
Nov 26 22:27:43 comp1 openvpn@airvpn-uk[19164]: /usr/bin/ip route add 128.0.0.0/1 via 10.4.0.1
Nov 26 22:27:43 comp1 openvpn@airvpn-uk[19164]: Initialization Sequence Completed

[Staff 9972]

Hello!

 

We see that your system is based on systemd and not initd, so please take care to read carefully here:

https://wiki.archlinux.org/index.php/OpenVPN#DNS

specifically "Update systemd-resolved script" paragraph.

 

Your script "update-resolv-conf" will probably not work properly in your system.

 

Kind regards

[help777 0]

I've followed the instructions in that link. I've added these lines to the end of my /etc/openvpn/airvpn-uk.conf

 

script-security 2
setenv PATH /usr/bin
up /etc/openvpn/update-systemd-resolved
down-pre /etc/openvpn/update-systemd-resolved

 

But still the resolv.conf files aren't getting updated and DNS doesn't work. I have an up to date system and restarted everything. What can I try next?

[Staff 9972]

Hello,

 

can you please check whether your /etc/resolv.conf file has the "immutable" flag set? If so, nothing can change it with ordinary r/w operations (not even root) until you clear the flag with chattr.

 

Kind regards

[help777 0]

can you please check whether your /etc/resolv.conf file has the "immutable" flag set? If so, nothing can change it with ordinary r/w operations (not even root) until you clear the flag with chattr.

 

Doesn't seem to be the case. I can change the file successfully using a text editor. Also

$ lsattr /etc/resolv.conf
------------------- /etc/resolv.conf