Tag: dns

Systemd-resolved DNS configuration for VPN

Systemd-resolved DNS configuration for VPN


When using ubuntu GUI VPN connection, the DNS might not be updated correctly. Following command can be used to update search domain and DNS server.

sudo systemd-resolve --interface tun0 --set-dns <dns_server> --set-domain <domain>

Note: The latest test in VPN GUI, the DNS setting is working as expected.


For openvpn command line,

openvpn --config client.ovpn --script-security 2 --up ./manual-config

The manual-config script can be as follow

set -e
resolvectl dns $dev
resolvectl domain $dev "~foo.example.com" "~bar.example.com"
resolvectl dnssec $dev off


systemd-resolve -i $dev \
  --set-dns= --set-dns= \
  --set-domain=foo.example.com --set-domain=bar.example.com \
  --set-dnssec=off  # <- Not super nice, but might be needed.

Another method is to use /etc/openvpn/update-systemd-resolved script, which is in openvpn-systemd-resolved package,

openvpn \
  --config client.ovpn \
  --up /etc/openvpn/update-systemd-resolved \
  --down /etc/openvpn/update-systemd-resolved \
  --down-pre \

NetworkManager Integration

To allow DNS and other options applied to new interface, a dispatcher file can be created, for example, /etc/NetworkManager/dispatcher.d/10-openvpn-tun0-up. The content can be as follows

#!/usr/bin/env bash


if [[ $interface != "tun0" ]] || [[ $event != "up" ]]
  return 0

# place your commands bellow this line

resolvectl dns tun0
resolvectl domain tun0 "~new.com"


Systemd-resolved DNS configuration for VPN
Network Manager script when interface up?

Add Search Domain for DNS in CentOS 8

Add Search Domain for DNS in CentOS 8

There is no option in network configuration GUI menu for search domain. Following steps can be used to add search domain.

  • Modify file /etc/sysconfig/network-scripts/ifcfg-<interface_name>
  • Add line SEARCH=<search_domain>
  • Restart NetworkManager by run command systemctl restart NetworkManager


How to configure static DNS and Search domain for Redhat / CentOS and Redhat Linux

Ping fails but nslookup works in MacOS

Ping fails but nslookup works

When performing nslookup, the IP can be returned. But when performing ping, return following error

ping: cannot resolve <hostname>: Unknown host


Second DNS server issue

The second DNS server isn't resolving the IP address.

Another DHCP server issue

Another DHCP server provide different DNS server.


killall -HUP mDNSResponder


DNS lookup fails but nslookup works

Using wildcard DNS record

Using wildcard DNS record

Using wildcard in DNS A or CNAME can reduce maintenance work, but this also has some drawback.


Updating DNS will take time, not only needs time to edit DNS entries, but also the DNS broadcast time, which can take more than 30 minutes to update an existing entry in other DNS server, and some DNS server can take even longer.

If use widecard, there is no editing requirement.


Search suffix

If /etc/resolv.conf has entry as below

search example.com

When searching for google.com, It might hit google.com.example.com if wildcard used, because google.com.example.com will return IP address as same as example.com.


Without editing entry, the some DNS servers might still caching old data. For example, if you have both wildcard *.example.com and a specific entry ftp.example.com, and you decided to remove ftp.example.com, the wildcard might not take effect.

Accessing non-exist domain

If using browser access undefined domain name, and hit the web server, using NGINX can perform redirect to change URL. This can fix the issues which web coding based on current URL.

server {
    listen 80;
    server_name *.mywebsite.tld;
    return 301 $scheme://mywebsite.tld$request_uri;

server {
    listen  80;
    server_name mywebsite.tld;


Is a wildcard DNS record bad practice?

DNS Configuration Basic

DNS Configuration Basic

Define subdomain using IP address

A record to define a subdomain to IP

A   www

Define subdomain using host

CNAME record to define a subdomain to IP

CNAME   www www.example.com

Default host for all subdomains

Following record is to give IP address of www.example.com to all subdomains.

CNAME   *   www.example.com

Default IP for domain

Use @ in A record.

A   @

Default EMAIL server

MX  mail.example.com    20

Note: The number is Priority